VirtualBox

Ticket #15794: VBoxHardening.log

File VBoxHardening.log, 261.1 KB (added by luk3Z, 8 years ago)
Line 
123c.938: Log file opened: 5.1.2r108956 g_hStartupLog=00000010 g_uNtVerCombined=0x611db110
223c.938: \SystemRoot\System32\ntdll.dll:
323c.938: CreationTime: 2010-12-10T18:15:59.794693700Z
423c.938: LastWriteTime: 2010-12-10T18:15:59.794693700Z
523c.938: ChangeTime: 2015-11-19T22:32:45.384846400Z
623c.938: FileAttributes: 0x20
723c.938: Size: 0x13a928
823c.938: NT Headers: 0xd0
923c.938: Timestamp: 0x4ce7b96e
1023c.938: Machine: 0x14c - i386
1123c.938: Timestamp: 0x4ce7b96e
1223c.938: Image Version: 6.1
1323c.938: SizeOfImage: 0x13c000 (1294336)
1423c.938: Resource Dir: 0xe0000 LB 0x560d8
1523c.938: ProductName: Microsoft® Windows® Operating System
1623c.938: ProductVersion: 6.1.7601.17514
1723c.938: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1823c.938: FileDescription: NT Layer DLL
1923c.938: \SystemRoot\System32\kernel32.dll:
2023c.938: CreationTime: 2010-12-10T18:16:02.041097700Z
2123c.938: LastWriteTime: 2010-12-10T18:16:02.041097700Z
2223c.938: ChangeTime: 2015-11-19T22:32:37.085631800Z
2323c.938: FileAttributes: 0x20
2423c.938: Size: 0xd1600
2523c.938: NT Headers: 0xf0
2623c.938: Timestamp: 0x4ce7b8ef
2723c.938: Machine: 0x14c - i386
2823c.938: Timestamp: 0x4ce7b8ef
2923c.938: Image Version: 6.1
3023c.938: SizeOfImage: 0xd4000 (868352)
3123c.938: Resource Dir: 0xc7000 LB 0x528
3223c.938: ProductName: Microsoft® Windows® Operating System
3323c.938: ProductVersion: 6.1.7601.17514
3423c.938: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3523c.938: FileDescription: Windows NT BASE API Client DLL
3623c.938: \SystemRoot\System32\KernelBase.dll:
3723c.938: CreationTime: 2010-12-10T18:15:59.747893700Z
3823c.938: LastWriteTime: 2010-12-10T18:15:59.747893700Z
3923c.938: ChangeTime: 2015-11-19T22:32:37.148031900Z
4023c.938: FileAttributes: 0x20
4123c.938: Size: 0x46600
4223c.938: NT Headers: 0xe0
4323c.938: Timestamp: 0x4ce7b8f0
4423c.938: Machine: 0x14c - i386
4523c.938: Timestamp: 0x4ce7b8f0
4623c.938: Image Version: 6.1
4723c.938: SizeOfImage: 0x4a000 (303104)
4823c.938: Resource Dir: 0x46000 LB 0x530
4923c.938: ProductName: Microsoft® Windows® Operating System
5023c.938: ProductVersion: 6.1.7601.17514
5123c.938: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
5223c.938: FileDescription: Windows NT BASE API Client DLL
5323c.938: \SystemRoot\System32\apisetschema.dll:
5423c.938: CreationTime: 2010-04-02T02:39:32.166495800Z
5523c.938: LastWriteTime: 2010-04-02T03:07:02.217312800Z
5623c.938: ChangeTime: 2015-11-19T22:32:21.610404600Z
5723c.938: FileAttributes: 0x20
5823c.938: Size: 0x3168
5923c.938: NT Headers: 0xc0
6023c.938: Timestamp: 0x4a5bd9b5
6123c.938: Machine: 0x14c - i386
6223c.938: Timestamp: 0x4a5bd9b5
6323c.938: Image Version: 6.1
6423c.938: SizeOfImage: 0x50000 (327680)
6523c.938: Resource Dir: 0x30000 LB 0x3f0
6623c.938: ProductName: Microsoft® Windows® Operating System
6723c.938: ProductVersion: 6.1.7600.16385
6823c.938: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
6923c.938: FileDescription: ApiSet Schema DLL
7023c.938: supR3HardenedWinFindAdversaries: 0x0
7123c.938: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7223c.938: Calling main()
7323c.938: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7423c.938: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7523c.938: SUPR3HardenedMain: Respawn #1
7623c.938: System32: \Device\HarddiskVolume2\Windows\System32
7723c.938: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
7823c.938: KnownDllPath: C:\Windows\system32
7923c.938: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8023c.938: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8123c.938: supR3HardNtEnableThreadCreation:
8223c.938: supR3HardNtDisableThreadCreation: pvLdrInitThunk=779d3653 pvNtTerminateThread=779b68d8
8323c.938: supR3HardenedWinDoReSpawn(1): New child 590.6c [kernel32].
8423c.938: supR3HardNtChildGatherData: PebBaseAddress=7ffdf000 cbPeb=0x248
8523c.938: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77970000 uNtDllChildAddr=77970000
8623c.938: supR3HardenedWinSetupChildInit: uLdrInitThunk=779d3653
8723c.938: supR3HardenedWinSetupChildInit: Start child.
8823c.938: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8923c.938: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
9023c.938: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9123c.938: *00000000-fffeffff 0x0001/0x0000 0x0000000
9223c.938: *00010000-fffeffff 0x0004/0x0004 0x0020000
9323c.938: *00030000-0002bfff 0x0002/0x0002 0x0040000
9423c.938: 00034000-00027fff 0x0001/0x0000 0x0000000
9523c.938: *00040000-0003efff 0x0004/0x0004 0x0020000
9623c.938: 00041000-fff91fff 0x0001/0x0000 0x0000000
9723c.938: *000f0000-ffff2fff 0x0000/0x0004 0x0020000
9823c.938: 001ed000-001ebfff 0x0104/0x0004 0x0020000
9923c.938: 001ee000-001ebfff 0x0004/0x0004 0x0020000
10023c.938: 001f0000-ff18ffff 0x0001/0x0000 0x0000000
10123c.938: *01250000-01250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10223c.938: 01251000-012b5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10323c.938: 012b6000-012b6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10423c.938: 012b7000-012effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10523c.938: 012f0000-012f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10623c.938: 012f1000-012f1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10723c.938: 012f2000-012f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10823c.938: 012f3000-012f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10923c.938: 012f4000-012f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11023c.938: 012f9000-012fbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11123c.938: 012fc000-0133ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11223c.938: 01340000-8ad0ffff 0x0001/0x0000 0x0000000
11323c.938: *77970000-77970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
11423c.938: 77971000-77a46fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
11523c.938: 77a47000-77a4ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
11623c.938: 77a50000-77aabfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
11723c.938: 77aac000-779a7fff 0x0001/0x0000 0x0000000
11823c.938: *77bb0000-77bb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
11923c.938: 77bb1000-6f7b1fff 0x0001/0x0000 0x0000000
12023c.938: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
12123c.938: 7ffd3000-7ffc7fff 0x0001/0x0000 0x0000000
12223c.938: *7ffde000-7ffdcfff 0x0004/0x0004 0x0020000
12323c.938: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
12423c.938: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
12523c.938: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
12623c.938: apisetschema.dll: timestamp 0x4a5bd9b5 (rc=VINF_SUCCESS)
12723c.938: VirtualBox.exe: timestamp 0x5790f293 (rc=VINF_SUCCESS)
12823c.938: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12923c.938: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
13023c.938: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
13123c.938: supR3HardNtChildPurify: Done after 343 ms and 0 fixes (loop #0).
132590.6c: Log file opened: 5.1.2r108956 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
133590.6c: supR3HardenedVmProcessInit: uNtDllAddr=77970000 g_uNtVerCombined=0x611db100
134590.6c: ntdll.dll: timestamp 0x4ce7b96e (rc=VINF_SUCCESS)
135590.6c: New simple heap: #1 002f0000 LB 0x400000 (for 1294336 allocation)
13623c.938: supR3HardNtEnableThreadCreation:
137590.6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
138590.6c: System32: \Device\HarddiskVolume2\Windows\System32
139590.6c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
140590.6c: KnownDllPath: C:\Windows\system32
141590.6c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
142590.6c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
143590.6c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
144590.6c: Registered Dll notification callback with NTDLL.
145590.6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
146590.6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
147590.6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
148590.6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
149590.6c: supR3HardenedDllNotificationCallback: load 75fc0000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
150590.6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
151590.6c: supR3HardenedDllNotificationCallback: load 75b40000 LB 0x0004a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
152590.6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
153590.6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
154590.6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'C:\Windows\system32\kernel32.dll'
155590.6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=779d3653 pvNtTerminateThread=779b68d8
15623c.938: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
157590.6c: \SystemRoot\System32\ntdll.dll:
158590.6c: CreationTime: 2010-12-10T18:15:59.794693700Z
159590.6c: LastWriteTime: 2010-12-10T18:15:59.794693700Z
160590.6c: ChangeTime: 2015-11-19T22:32:45.384846400Z
161590.6c: FileAttributes: 0x20
162590.6c: Size: 0x13a928
163590.6c: NT Headers: 0xd0
164590.6c: Timestamp: 0x4ce7b96e
165590.6c: Machine: 0x14c - i386
166590.6c: Timestamp: 0x4ce7b96e
167590.6c: Image Version: 6.1
168590.6c: SizeOfImage: 0x13c000 (1294336)
169590.6c: Resource Dir: 0xe0000 LB 0x560d8
170590.6c: ProductName: Microsoft® Windows® Operating System
171590.6c: ProductVersion: 6.1.7601.17514
172590.6c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
173590.6c: FileDescription: NT Layer DLL
174590.6c: \SystemRoot\System32\kernel32.dll:
175590.6c: CreationTime: 2010-12-10T18:16:02.041097700Z
176590.6c: LastWriteTime: 2010-12-10T18:16:02.041097700Z
177590.6c: ChangeTime: 2015-11-19T22:32:37.085631800Z
178590.6c: FileAttributes: 0x20
179590.6c: Size: 0xd1600
180590.6c: NT Headers: 0xf0
181590.6c: Timestamp: 0x4ce7b8ef
182590.6c: Machine: 0x14c - i386
183590.6c: Timestamp: 0x4ce7b8ef
184590.6c: Image Version: 6.1
185590.6c: SizeOfImage: 0xd4000 (868352)
186590.6c: Resource Dir: 0xc7000 LB 0x528
187590.6c: ProductName: Microsoft® Windows® Operating System
188590.6c: ProductVersion: 6.1.7601.17514
189590.6c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
190590.6c: FileDescription: Windows NT BASE API Client DLL
191590.6c: \SystemRoot\System32\KernelBase.dll:
192590.6c: CreationTime: 2010-12-10T18:15:59.747893700Z
193590.6c: LastWriteTime: 2010-12-10T18:15:59.747893700Z
194590.6c: ChangeTime: 2015-11-19T22:32:37.148031900Z
195590.6c: FileAttributes: 0x20
196590.6c: Size: 0x46600
197590.6c: NT Headers: 0xe0
198590.6c: Timestamp: 0x4ce7b8f0
199590.6c: Machine: 0x14c - i386
200590.6c: Timestamp: 0x4ce7b8f0
201590.6c: Image Version: 6.1
202590.6c: SizeOfImage: 0x4a000 (303104)
203590.6c: Resource Dir: 0x46000 LB 0x530
204590.6c: ProductName: Microsoft® Windows® Operating System
205590.6c: ProductVersion: 6.1.7601.17514
206590.6c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
207590.6c: FileDescription: Windows NT BASE API Client DLL
208590.6c: \SystemRoot\System32\apisetschema.dll:
209590.6c: CreationTime: 2010-04-02T02:39:32.166495800Z
210590.6c: LastWriteTime: 2010-04-02T03:07:02.217312800Z
211590.6c: ChangeTime: 2015-11-19T22:32:21.610404600Z
212590.6c: FileAttributes: 0x20
213590.6c: Size: 0x3168
214590.6c: NT Headers: 0xc0
215590.6c: Timestamp: 0x4a5bd9b5
216590.6c: Machine: 0x14c - i386
217590.6c: Timestamp: 0x4a5bd9b5
218590.6c: Image Version: 6.1
219590.6c: SizeOfImage: 0x50000 (327680)
220590.6c: Resource Dir: 0x30000 LB 0x3f0
221590.6c: ProductName: Microsoft® Windows® Operating System
222590.6c: ProductVersion: 6.1.7600.16385
223590.6c: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
224590.6c: FileDescription: ApiSet Schema DLL
225590.6c: supR3HardenedWinFindAdversaries: 0x0
226590.6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
227590.6c: Calling main()
228590.6c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
229590.6c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
230590.6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
231590.6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
232590.6c: SUPR3HardenedMain: Respawn #2
233590.6c: supR3HardNtEnableThreadCreation:
234590.6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\embdtrst.dll)
235590.6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\embdtrst.dll
236590.6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\EmbdTrst.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00842b9c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
237590.6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\embdtrst.dll [lacks WinVerifyTrust]
238590.6c: supR3HardenedDllNotificationCallback: load 75860000 LB 0x00005000 C:\Windows\system32\EmbdTrst.DLL [fFlags=0x0]
239590.6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\embdtrst.dll [lacks WinVerifyTrust]
240590.6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75860000 'C:\Windows\system32\EmbdTrst.DLL'
241590.6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
242590.6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
243590.6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
244590.6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
245590.6c: supR3HardenedDllNotificationCallback: load 757a0000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
246590.6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
247590.6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=757a0000 'C:\Windows\system32\apphelp.dll'
248590.6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=779d3653 pvNtTerminateThread=779b68d8
249590.6c: supR3HardenedWinDoReSpawn(2): New child ce8.460 [kernel32].
250590.6c: supR3HardNtChildGatherData: PebBaseAddress=7ffdf000 cbPeb=0x248
251590.6c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77970000 uNtDllChildAddr=77970000
252590.6c: supR3HardenedWinSetupChildInit: uLdrInitThunk=779d3653
253590.6c: supR3HardenedWinSetupChildInit: Start child.
254590.6c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
255590.6c: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 0 sleeps
256590.6c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
257590.6c: *00000000-fffeffff 0x0001/0x0000 0x0000000
258590.6c: *00010000-fffeffff 0x0004/0x0004 0x0020000
259590.6c: *00030000-0002bfff 0x0002/0x0002 0x0040000
260590.6c: 00034000-00027fff 0x0001/0x0000 0x0000000
261590.6c: *00040000-0003efff 0x0004/0x0004 0x0020000
262590.6c: 00041000-fffe1fff 0x0001/0x0000 0x0000000
263590.6c: *000a0000-fffa2fff 0x0000/0x0004 0x0020000
264590.6c: 0019d000-0019bfff 0x0104/0x0004 0x0020000
265590.6c: 0019e000-0019bfff 0x0004/0x0004 0x0020000
266590.6c: 001a0000-ff0effff 0x0001/0x0000 0x0000000
267590.6c: *01250000-01250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
268590.6c: 01251000-012b5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
269590.6c: 012b6000-012b6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
270590.6c: 012b7000-012effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
271590.6c: 012f0000-012f0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
272590.6c: 012f1000-012f1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
273590.6c: 012f2000-012f2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
274590.6c: 012f3000-012f3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
275590.6c: 012f4000-012f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
276590.6c: 012f9000-012fbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
277590.6c: 012fc000-0133ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
278590.6c: 01340000-8ad0ffff 0x0001/0x0000 0x0000000
279590.6c: *77970000-77970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
280590.6c: 77971000-77a46fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
281590.6c: 77a47000-77a4ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
282590.6c: 77a50000-77aabfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
283590.6c: 77aac000-779a7fff 0x0001/0x0000 0x0000000
284590.6c: *77bb0000-77bb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
285590.6c: 77bb1000-6f7b1fff 0x0001/0x0000 0x0000000
286590.6c: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
287590.6c: 7ffd3000-7ffc7fff 0x0001/0x0000 0x0000000
288590.6c: *7ffde000-7ffdcfff 0x0004/0x0004 0x0020000
289590.6c: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
290590.6c: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
291590.6c: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
292590.6c: apisetschema.dll: timestamp 0x4a5bd9b5 (rc=VINF_SUCCESS)
293590.6c: VirtualBox.exe: timestamp 0x5790f293 (rc=VINF_SUCCESS)
294590.6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
295590.6c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
296590.6c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
297590.6c: supR3HardNtChildPurify: Done after 340 ms and 0 fixes (loop #0).
298ce8.460: Log file opened: 5.1.2r108956 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
299ce8.460: supR3HardenedVmProcessInit: uNtDllAddr=77970000 g_uNtVerCombined=0x611db100
300ce8.460: ntdll.dll: timestamp 0x4ce7b96e (rc=VINF_SUCCESS)
301ce8.460: New simple heap: #1 002a0000 LB 0x400000 (for 1294336 allocation)
302590.6c: supR3HardenedEarlyCompact: Removed heap 1 (0x2f0000 LB 0x400000)
303590.6c: supR3HardNtEnableThreadCreation:
304ce8.460: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
305ce8.460: System32: \Device\HarddiskVolume2\Windows\System32
306ce8.460: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
307ce8.460: KnownDllPath: C:\Windows\system32
308ce8.460: supR3HardenedVmProcessInit: Opening vboxdrv...
309ce8.460: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
310ce8.460: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
311ce8.460: Registered Dll notification callback with NTDLL.
312ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
313ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
314ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
315ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
316ce8.460: supR3HardenedDllNotificationCallback: load 75fc0000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
317ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
318ce8.460: supR3HardenedDllNotificationCallback: load 75b40000 LB 0x0004a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
319ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
320ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
321ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'C:\Windows\system32\kernel32.dll'
322ce8.460: supR3HardNtDisableThreadCreation: pvLdrInitThunk=779d3653 pvNtTerminateThread=779b68d8
323590.6c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 89 ms.
324ce8.460: \SystemRoot\System32\ntdll.dll:
325ce8.460: CreationTime: 2010-12-10T18:15:59.794693700Z
326ce8.460: LastWriteTime: 2010-12-10T18:15:59.794693700Z
327ce8.460: ChangeTime: 2015-11-19T22:32:45.384846400Z
328ce8.460: FileAttributes: 0x20
329ce8.460: Size: 0x13a928
330ce8.460: NT Headers: 0xd0
331ce8.460: Timestamp: 0x4ce7b96e
332ce8.460: Machine: 0x14c - i386
333ce8.460: Timestamp: 0x4ce7b96e
334ce8.460: Image Version: 6.1
335ce8.460: SizeOfImage: 0x13c000 (1294336)
336ce8.460: Resource Dir: 0xe0000 LB 0x560d8
337ce8.460: ProductName: Microsoft® Windows® Operating System
338ce8.460: ProductVersion: 6.1.7601.17514
339ce8.460: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
340ce8.460: FileDescription: NT Layer DLL
341ce8.460: \SystemRoot\System32\kernel32.dll:
342ce8.460: CreationTime: 2010-12-10T18:16:02.041097700Z
343ce8.460: LastWriteTime: 2010-12-10T18:16:02.041097700Z
344ce8.460: ChangeTime: 2015-11-19T22:32:37.085631800Z
345ce8.460: FileAttributes: 0x20
346ce8.460: Size: 0xd1600
347ce8.460: NT Headers: 0xf0
348ce8.460: Timestamp: 0x4ce7b8ef
349ce8.460: Machine: 0x14c - i386
350ce8.460: Timestamp: 0x4ce7b8ef
351ce8.460: Image Version: 6.1
352ce8.460: SizeOfImage: 0xd4000 (868352)
353ce8.460: Resource Dir: 0xc7000 LB 0x528
354ce8.460: ProductName: Microsoft® Windows® Operating System
355ce8.460: ProductVersion: 6.1.7601.17514
356ce8.460: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
357ce8.460: FileDescription: Windows NT BASE API Client DLL
358ce8.460: \SystemRoot\System32\KernelBase.dll:
359ce8.460: CreationTime: 2010-12-10T18:15:59.747893700Z
360ce8.460: LastWriteTime: 2010-12-10T18:15:59.747893700Z
361ce8.460: ChangeTime: 2015-11-19T22:32:37.148031900Z
362ce8.460: FileAttributes: 0x20
363ce8.460: Size: 0x46600
364ce8.460: NT Headers: 0xe0
365ce8.460: Timestamp: 0x4ce7b8f0
366ce8.460: Machine: 0x14c - i386
367ce8.460: Timestamp: 0x4ce7b8f0
368ce8.460: Image Version: 6.1
369ce8.460: SizeOfImage: 0x4a000 (303104)
370ce8.460: Resource Dir: 0x46000 LB 0x530
371ce8.460: ProductName: Microsoft® Windows® Operating System
372ce8.460: ProductVersion: 6.1.7601.17514
373ce8.460: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
374ce8.460: FileDescription: Windows NT BASE API Client DLL
375ce8.460: \SystemRoot\System32\apisetschema.dll:
376ce8.460: CreationTime: 2010-04-02T02:39:32.166495800Z
377ce8.460: LastWriteTime: 2010-04-02T03:07:02.217312800Z
378ce8.460: ChangeTime: 2015-11-19T22:32:21.610404600Z
379ce8.460: FileAttributes: 0x20
380ce8.460: Size: 0x3168
381ce8.460: NT Headers: 0xc0
382ce8.460: Timestamp: 0x4a5bd9b5
383ce8.460: Machine: 0x14c - i386
384ce8.460: Timestamp: 0x4a5bd9b5
385ce8.460: Image Version: 6.1
386ce8.460: SizeOfImage: 0x50000 (327680)
387ce8.460: Resource Dir: 0x30000 LB 0x3f0
388ce8.460: ProductName: Microsoft® Windows® Operating System
389ce8.460: ProductVersion: 6.1.7600.16385
390ce8.460: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
391ce8.460: FileDescription: ApiSet Schema DLL
392ce8.460: supR3HardenedWinFindAdversaries: 0x0
393ce8.460: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
394ce8.460: Calling main()
395ce8.460: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
396ce8.460: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
397ce8.460: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
398ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
399ce8.460: SUPR3HardenedMain: Final process, opening VBoxDrv...
400ce8.460: supR3HardenedEarlyCompact: Removed heap 1 (0x2a0000 LB 0x400000)
401ce8.460: supR3HardNtEnableThreadCreation:
402ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
403ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
404ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
405ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
406ce8.460: supR3HardenedDllNotificationCallback: load 72400000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
407ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
408ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
409ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
410ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72400000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
411ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
412ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
413ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72400000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
414ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72400000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
415ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
416ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
417ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
418ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
419ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
420ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
421ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
422ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
423ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
424ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
425ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
426ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
427ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
428ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
429ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
430ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
431ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
432ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
433ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
434ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
435ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
436ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
437ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
438ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
439ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
440ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
441ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
442ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
443ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
444ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
445ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
446ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
447ce8.460: supR3HardenedDllNotificationCallback: load 75d90000 LB 0x0002d000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
448ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
449ce8.460: supR3HardenedDllNotificationCallback: load 778c0000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
450ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
451ce8.460: supR3HardenedDllNotificationCallback: load 75b90000 LB 0x0011d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
452ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
453ce8.460: supR3HardenedDllNotificationCallback: load 75b30000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
454ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
455ce8.460: supR3HardenedDllNotificationCallback: load 77ae0000 LB 0x000a1000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
456ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
457ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\Wintrust.dll'
458ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
459ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
460ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
461ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
462ce8.460: supR3HardenedDllNotificationCallback: load 75450000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
463ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
464ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75450000 'C:\Windows\system32\bcrypt.dll'
465ce8.460: bcrypt.dll loaded at 75450000, BCryptOpenAlgorithmProvider at 75452cda, preloading providers:
466ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
467ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
468ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
469ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
470ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
471ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
472ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
473ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
474ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
475ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
476ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
477ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
478ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
479ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
480ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
481ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
482ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
483ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
484ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
485ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
486ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
487ce8.460: supR3HardenedDllNotificationCallback: load 75050000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
488ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
489ce8.460: supR3HardenedDllNotificationCallback: load 767b0000 LB 0x000a0000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
490ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
491ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
492ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
493ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
494ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
495ce8.460: supR3HardenedDllNotificationCallback: load 764a0000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
496ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
497ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75050000 'C:\Windows\system32\bcryptprimitives.dll'
498ce8.460: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00880078)
499ce8.460: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=008806c8)
500ce8.460: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00881480)
501ce8.460: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0087ffd0)
502ce8.460: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=008815d0)
503ce8.460: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00881670)
504ce8.460: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00881520)
505ce8.460: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=008817e0)
506ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
507ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
508ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
509ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
510ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
511ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
512ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
513ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
514ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
515ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
516ce8.460: supR3HardenedDllNotificationCallback: load 75340000 LB 0x00016000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
517ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
518ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\system32\CRYPTSP.dll'
519ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
520ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
521ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
522ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
523ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
524ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
525ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
526ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
527ce8.460: supR3HardenedDllNotificationCallback: load 75110000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
528ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
529ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75110000 'C:\Windows\system32\rsaenh.dll'
530ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
531ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
532ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767b0000 'C:\Windows\system32\ADVAPI32.dll'
533ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
534ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
535ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
536ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
537ce8.460: supR3HardenedDllNotificationCallback: load 757f0000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
538ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
539ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=757f0000 'C:\Windows\system32\CRYPTBASE.dll'
540ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
541ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
542ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'C:\Windows\system32\kernel32.dll'
543ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
544ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
545ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\WINTRUST.DLL'
546ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
547ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
548ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b90000 'C:\Windows\system32\CRYPT32.dll'
549ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
550ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
551ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
552ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
553ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
554ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
555ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
556ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
557ce8.460: supR3HardenedDllNotificationCallback: load 77ab0000 LB 0x0002a000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
558ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
559ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ab0000 'C:\Windows\system32\imagehlp.dll'
560ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
561ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
562ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\system32\CRYPTSP.dll'
563ce8.460: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is administrators group.
564ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
565ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
566ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
567ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
568ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
569ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
570ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
571ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
572ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
573ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
574ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
575ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
576ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
577ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
578ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
579ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
580ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
581ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
582ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
583ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
584ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
585ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
586ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
587ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
588ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
589ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
590ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
591ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
592ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
593ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
594ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
595ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
596ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
597ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
598ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
599ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
600ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
601ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
602ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
603ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
604ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
605ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
606ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
607ce8.460: supR3HardenedDllNotificationCallback: load 774a0000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0]
608ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
609ce8.460: supR3HardenedDllNotificationCallback: load 75f70000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
610ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
611ce8.460: supR3HardenedDllNotificationCallback: load 760a0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0]
612ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
613ce8.460: supR3HardenedDllNotificationCallback: load 76210000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0]
614ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
615ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
616ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
617ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f70000 'C:\Windows\system32\gdi32.dll'
618ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
619ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
620ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
621ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
622ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
623ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
624ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
625ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
626ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
627ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
628ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
629ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
630ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
631ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
632ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
633ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
634ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
635ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
636ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
637ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
638ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
639ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
640ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
641ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
642ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
643ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
644ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
645ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
646ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
647ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
648ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
649ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
650ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
651ce8.460: supR3HardenedDllNotificationCallback: load 76480000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
652ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
653ce8.460: supR3HardenedDllNotificationCallback: load 77570000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
654ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
655ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76480000 'C:\Windows\system32\IMM32.DLL'
656ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774a0000 'C:\Windows\system32\USER32.dll'
657ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
658ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
659ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
660ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
661ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
662ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
663ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
664ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
665ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
666ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
667ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
668ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
669ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
670ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
671ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
672ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
673ce8.460: supR3HardenedDllNotificationCallback: load 75470000 LB 0x00038000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
674ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
675ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\ncrypt.dll'
676ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
677ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
678ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75450000 'C:\Windows\system32\bcrypt.dll'
679ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
680ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
681ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'.
682ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
683ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
684ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
685ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
686ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
687ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
688ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
689ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
690ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
691ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
692ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
693ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
694ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
695ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
696ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
697ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
698ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
699ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
700ce8.460: supR3HardenedDllNotificationCallback: load 759d0000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
701ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
702ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
703ce8.460: supR3HardenedDllNotificationCallback: load 759c0000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0]
704ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
705ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759d0000 'C:\Windows\system32\USERENV.dll'
706ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
707ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
708ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
709ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
710ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
711ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
712ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
713ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
714ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
715ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
716ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
717ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
718ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
719ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
720ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
721ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
722ce8.460: supR3HardenedDllNotificationCallback: load 74f20000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
723ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
724ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f20000 'C:\Windows\system32\GPAPI.dll'
725ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
726ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
727ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
728ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
729ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ae0000 'C:\Windows\system32\rpcrt4.dll'
730ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
731ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
732ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
733ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
734ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
735ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
736ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wldap32.dll'.
737ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
738ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
739ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
740ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
741ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
742ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
743ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
744ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
745ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
746ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
747ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
748ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
749ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
750ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
751ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
752ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
753ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
754ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
755ce8.460: supR3HardenedDllNotificationCallback: load 72730000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
756ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
757ce8.460: supR3HardenedDllNotificationCallback: load 76630000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
758ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
759ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
760ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
761ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
762ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
763ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
764ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
765ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
766ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
767ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
768ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
769ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
770ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
771ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
772ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
773ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
774ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
775ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
776ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
777ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
778ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
779ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
781ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
783ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
784ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
785ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
786ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
787ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
788ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
789ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
790ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
791ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
792ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
793ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
794ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
795ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
796ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
797ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
798ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
799ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
800ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
801ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
802ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
803ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
804ce8.460: supR3HardenedDllNotificationCallback: load 764d0000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
805ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
806ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764d0000 'C:\Windows\system32\SHLWAPI.dll'
807ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
808ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
809ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
810ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
811ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759c0000 'C:\Windows\system32\profapi.dll'
812ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
813ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
814ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
815ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
816ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
817ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
818ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
819ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
820ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
821ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
822ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
823ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
824ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'.
825ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
826ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
827ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
828ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
829ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
830ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
831ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
832ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
833ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
834ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
835ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
836ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
837ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
838ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
839ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
840ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
841ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
842ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
843ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
844ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
845ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
846ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
847ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
848ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
849ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
850ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
851ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
852ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
853ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
854ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
855ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
856ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
857ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
858ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
859ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
860ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
861ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
862ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
863ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
864ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
865ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
866ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
867ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
868ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
869ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
870ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
871ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
872ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
873ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
874ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
875ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
876ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
877ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
878ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
879ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
880ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
881ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
882ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
883ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
884ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
885ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
886ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
887ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
888ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
889ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
890ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
891ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
892ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
893ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
894ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
895ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
896ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
897ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
898ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
899ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
900ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
901ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
902ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
903ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
904ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
905ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
906ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
907ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
908ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
909ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
910ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
911ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
912ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
913ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
914ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
915ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
916ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
917ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
918ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
919ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
920ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
921ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
922ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
923ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
924ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
925ce8.460: supR3HardenedDllNotificationCallback: load 72700000 LB 0x00015000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
926ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
927ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
928ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
929ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
930ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
931ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
932ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
933ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
934ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
935ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
936ce8.460: supR3HardenedDllNotificationCallback: load 750b0000 LB 0x0000e000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
937ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
938ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
939ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
940ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
941ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
942ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
943ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
944ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
945ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
946ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
947ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
948ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
949ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ae0000 'C:\Windows\system32\RPCRT4.dll'
950ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
951ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
952ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
953ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
954ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
955ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
956ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
957ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
958ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
959ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
960ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
961ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
962ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
963ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
964ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
965ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
966ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
967ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
968ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
969ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
970ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
971ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
972ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
973ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
974ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
975ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
976ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
977ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
978ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
979ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
980ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
981ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
982ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72730000 'C:\Windows\system32\cryptnet.dll'
983ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll
984ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: New context 0087bbf0
985ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
986ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1F405DE11D8896E06F00AC33D96E6B2B7688D6D
987ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
988ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
989ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
990ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
991ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
992ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
993ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
994ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
995ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767b0000 'C:\Windows\system32\ADVAPI32.dll'
996ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
997ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
998ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll'
999ce8.460: g_pfnWinVerifyTrust=75d92674
1000ce8.460: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1001ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1002ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1003ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1004ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A7A2A8BA225636E41D4A990A4D527D2BC1993AB7
1005ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1006ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1007ce8.460: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1008ce8.460: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1009ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1010ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1011ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1012ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAFC6FF018C72268F70F327089713FA62B6A6CAC
1013ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1014ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1015ce8.460: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1016ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003e0 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
1017ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1018ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1019ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584
1020ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1021ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1022ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1023ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d4 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
1024ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1025ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1026ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86A3214FF22CE214819131AA9D9FD5145ACECD0C
1027ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
1028ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1029ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
1030ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000398 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1031ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1032ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1033ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07C15DE99041924EC7DED2E27632443249973ECA
1034ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1035ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1036ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1037ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1038ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1039ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1040ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1
1041ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1042ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1043ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1044ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000390 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1045ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1046ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1047ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=670D97F5DC29234BF188E6E1EBC8A3A9D4EDA114
1048ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1049ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1050ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1051ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000038c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1052ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1053ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1054ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A
1055ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1056ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1057ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1058ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000388 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1059ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1060ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1061ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41
1062ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1063ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1064ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1065ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000037c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1066ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1067ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1068ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A
1069ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1070ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1071ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1072ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000370 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1073ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1074ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1075ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7
1076ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1077ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1078ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1079ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000036c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1080ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1081ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1082ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C52865414241F58CAC9EEBC4EC3F3B16CC08EAEE
1083ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1084ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1085ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1086ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1087ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1088ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1089ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B
1090ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1091ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1092ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1093ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1094ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1095ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1096ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1097ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276
1098ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1099ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1100ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1101ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1102ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1103ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1104ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CE0ECE66FA0266873DB2E9FEEF903A73BDC5376
1105ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1106ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1107ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1108ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1109ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1110ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1111ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64F08BBBD276BF0D30DC1EB035E557AB0D981A25
1112ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1113ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1114ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1115ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1116ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1117ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1118ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C
1119ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1120ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1121ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1122ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1123ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1124ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1125ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2FDEE6777EE1392CEB3E98C6B38CE7EA30C9F31
1126ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1127ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1128ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1129ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1130ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1131ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1132ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AB0DC60D51A0053E75090F639D8517BE8BC74AD
1133ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1134ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1135ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1136ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1137ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1138ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1139ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41DED5EF02BD22C4EC0CA99DF7F18E78EE9F1CB1
1140ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1141ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1142ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1143ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1144ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1145ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1146ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=101AE68E1E29A940EF9BED15EC5E0632B9A99B45
1147ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1148ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: New context 0087bbf0
1149ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1150ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=101AE68E1E29A940EF9BED15EC5E0632B9A99B45
1151ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1152ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1153ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1154ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1155ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1156ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1157ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E987531CA5DDB46DA0288B32D60D692350E2A63
1158ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1159ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1160ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1161ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1162ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1163ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1164ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0CBD7D0C7F18B4CDC624EAFFFE29E8644EB2D5
1165ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1166ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1167ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1168ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1169ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1170ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1171ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1172ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCDD93573F63B6F37F01E3BC42D7CB8A7C6AD119
1173ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1174ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1175ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1176ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1177ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1178ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1179ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78E9ABD813B4175EBA8EBD16ACB465E0E2FBF7F8
1180ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1181ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1182ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1183ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1184ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1185ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1186ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=76BF46A4D0BED8B301F5D228535A6F40D8114FB4
1187ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1188ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1189ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1190ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1191ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1192ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1193ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1194ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071
1195ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1196ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1197ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1198ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1199ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1200ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1201ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F316018CBA12E77998A5FA21A14EB469FA6A1904
1202ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1203ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1204ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1205ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1206ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1207ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1208ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285
1209ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1210ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1211ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1212ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1213ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1214ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1215ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D25D5DCD0ECE76AD56254FBC21654977069634D
1216ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1217ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1218ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1219ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1220ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1221ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1222ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1223ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1224ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1225ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1226ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1227ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1228ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1229ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1230ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1231ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1232ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1233ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1234ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1235ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll
1236ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1237ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1238ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1239ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1240ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1241ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1242ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1243ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1244ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1245ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1246ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1247ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1248ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1249ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1250ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A60573263725F79AE77ADE81984B8A071324B54F
1251ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1252ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1253ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1254ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1255ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1256ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1257ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B009C0C97D579419546E7A3B420C757D994DCFB
1258ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1259ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1260ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1261ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1262ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1263ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b90000 'C:\Windows\system32\crypt32.dll'
1264ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1265ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1266ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1267ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1268ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1269ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1270ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1271ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1272ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1273ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1274ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1275ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1276ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1277ce8.460: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1278ce8.460: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=14
1279ce8.460: SUPR3HardenedMain: Load Runtime...
1280ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1281ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1282ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1283ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1284ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1285ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1286ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1287ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1288ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1289ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1290ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1291ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1292ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll
1293ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1294ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1295ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1296ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1297ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1298ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1299ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1300ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1301ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1302ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1303ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1304ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1305ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1306ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1307ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1308ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1309ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1310ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1311ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1312ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1313ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1314ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1315ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1316ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364
1317ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1318ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1319ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1320ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1321ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'.
1322ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1323ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1324ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1325ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1326ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1327ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1328ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
1329ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
1330ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1331ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1332ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1333ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1334ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1335ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1336ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1337ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1338ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1339ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1340ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1341ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1342ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1343ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1344ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1345ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1346ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1347ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll
1348ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1349ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1350ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1351ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1352ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1353ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1354ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1355ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1356ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1357ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1358ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1359ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1360ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1361ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1362ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1363ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1364ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1365ce8.460: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1366ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1367ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1368ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1369ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1370ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1371ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1372ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1373ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1374ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1375ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1376ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1377ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1378ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1379ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1380ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1381ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll
1382ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1383ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1384ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1385ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1386ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1387ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1388ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1389ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1390ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1391ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1392ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1393ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1394ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1395ce8.460: supR3HardenedDllNotificationCallback: load 6d660000 LB 0x00422000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1396ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1397ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1398ce8.460: supR3HardenedDllNotificationCallback: load 6e4f0000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1399ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1400ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1401ce8.460: supR3HardenedDllNotificationCallback: load 721c0000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1402ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1403ce8.460: supR3HardenedDllNotificationCallback: load 76770000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1404ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1405ce8.460: supR3HardenedDllNotificationCallback: load 764c0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1406ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
1407ce8.460: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1408ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1409ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
1410ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rescheduled]
1411ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1412ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1413ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1414ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1415ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1416ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1417ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1418ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1419ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1420ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1421ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1422ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1423ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1424ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1425ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1426ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1427ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1428ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1429ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1430ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1431ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1432ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1433ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1434ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1435ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1436ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1437ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1438ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1439ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1440ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1441ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1442ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1443ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1444ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1445ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1446ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1447ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1448ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1449ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1450ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1451ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1452ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1453ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1454ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1455ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1456ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1457ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1458ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1459ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d660000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1460ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1461ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1462ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\Wintrust.dll'
1463ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1464ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1465ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b90000 'C:\Windows\system32\crypt32.dll'
1466ce8.460: SUPR3HardenedMain: Load TrustedMain...
1467ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1468ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1469ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1470ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1471ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1472ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1473ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1474ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1475ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1476ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1477ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1478ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1479ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll
1480ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1481ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1482ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1483ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1484ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1485ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1486ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1487ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1488ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1489ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1490ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1491ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1492ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1493ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1494ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1495ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
1496ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
1497ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
1498ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5printsupportvbox.dll'.
1499ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5openglvbox.dll'.
1500ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'.
1501ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'advapi32.dll'.
1502ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'shell32.dll'.
1503ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
1504ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
1505ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1506ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1507ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1508ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1509ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1510ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000440 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1511ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1512ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1513ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD
1514ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1515ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1516ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1517ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1518ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1519ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1520ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1521ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1522ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1523ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1524ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1525ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1526ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1527ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1528ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000414 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1529ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1530ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1531ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BEFE2D8EC7EF34FCC6A62BE11D1AAE6597F4884
1532ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1533ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1534ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1535ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1536ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1537ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1538ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1539ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1540ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1541ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1542ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1543ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1544ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1545ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1546ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1547ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1548ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1549ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1550ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1551ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1552ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1553ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1554ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1555ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1556ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1557ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1558ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1559ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1560ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1561ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1562ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1563ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1564ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1565ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1566ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1567ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1568ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1569ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1570ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1571ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1572ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1573ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1574ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1575ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1576ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1577ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1578ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1579ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1580ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1581ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1582ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1583ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1584ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1585ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1586ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1587ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1588ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1589ce8.460: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1590ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1591ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1592ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1593ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1594ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1595ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1596ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1597ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1598ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1599ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1600ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1601ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1602ce8.460: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1603ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1604ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1605ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1606ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1607ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
1608ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1609ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1610ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1611ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1612ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1613ce8.460: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1614ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1615ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1616ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1617ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1618ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1619ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1620ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1621ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1622ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1623ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1624ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1625ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1626ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1627ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1628ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1629ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1630ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1631ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1632ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1633ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1634ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1635ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1636ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1637ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1638ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1639ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1640ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1641ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1642ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1643ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1644ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1645ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1646ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1647ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1648ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1649ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1650ce8.460: Error (rc=0):
1651ce8.460: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
1652ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1653ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1654ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1655ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1656ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1657ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1658ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1659ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1660ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1661ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1662ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1663ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1664ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1665ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1666ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1667ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1668ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1669ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1670ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1671ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1672ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1673ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
1674ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
1675ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1676ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1677ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1678ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1679ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1680ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1681ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1682ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1683ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1684ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1685ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1686ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1687ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1688ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1689ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1690ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1691ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1692ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1693ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
1694ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1695ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1696ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1697ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1698ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1699ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1700ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
1701ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1702ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1703ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1704ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1705ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1706ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1707ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1708ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1709ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1710ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1711ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1712ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1713ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1714ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1715ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1716ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1717ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1718ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1719ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1720ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1721ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1722ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1723ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1724ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1725ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1726ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'.
1727ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1728ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1729ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1730ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
1731ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1732ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1733ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1734ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1735ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1736ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1737ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1738ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
1739ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1740ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1741ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1742ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
1743ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1744ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1745ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1746ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1747ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1748ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1749ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1750ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1751ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1752ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1753ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1754ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1755ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1756ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1757ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1758ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1759ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1760ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1761ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1762ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1763ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1764ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1765ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1766ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1767ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1768ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1769ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1770ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1771ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1772ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1773ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1774ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1775ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1776ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1777ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1778ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1779ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1780ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1781ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1782ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1783ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1784ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1785ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1786ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1787ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1788ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1789ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1790ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1791ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1792ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1793ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1794ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
1795ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1796ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1797ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1798ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1799ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1800ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1801ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
1802ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1803ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1804ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1805ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1806ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1807ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1808ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1809ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1810ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1811ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1812ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1813ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1814ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1815ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1816ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1817ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1818ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1819ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1820ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1821ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1822ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1823ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1824ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1825ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1826ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1827ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1828ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1829ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1830ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1831ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1832ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1833ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1834ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1835ce8.460: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1836ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1837ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1838ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1839ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1840ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1841ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1842ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1843ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1844ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1845ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1846ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1847ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1848ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1849ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1850ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1851ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1852ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1853ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1854ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1855ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1856ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1857ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1858ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1859ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1860ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1861ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1862ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1863ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1864ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1865ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1866ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1867ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1868ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1869ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1870ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1871ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1872ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1873ce8.460: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1874ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1875ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1876ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1877ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1878ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1879ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1880ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1881ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1882ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1883ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1884ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1885ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1886ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1887ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1888ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1889ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1890ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1891ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1892ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1893ce8.460: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1894ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1895ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1896ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1897ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1898ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1899ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1900ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1901ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1902ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1903ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1904ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1905ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1906ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1907ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1908ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1909ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1910ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1911ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1912ce8.460: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1913ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1914ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1915ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1916ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1917ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1918ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1919ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1920ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1921ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1922ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1923ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1924ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1925ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1926ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1927ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1928ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1929ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1930ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1931ce8.460: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1932ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1933ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1934ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1935ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1936ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1937ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1938ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1939ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1940ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1941ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1942ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1943ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1944ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1945ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1946ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1947ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1948ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1949ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1950ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1951ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1952ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1953ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1954ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1955ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1956ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1957ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1958ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1959ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1960ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1961ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1962ce8.460: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1963ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000044c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1964ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
1965ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
1966ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F
1967ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1968ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1969ce8.460: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1970ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1971ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1972ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1973ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1974ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1975ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1976ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1977ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1978ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1979ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1980ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1981ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1982ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1983ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
1984ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll
1985ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1986ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
1987ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1988ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1989ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
1990ce8.460: supR3HardenedDllNotificationCallback: Unload 75dd0000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
1991ce8.460: supR3HardenedDllNotificationCallback: Unload 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1992ce8.460: supR3HardenedDllNotificationCallback: Unload 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1993ce8.460: supR3HardenedDllNotificationCallback: Unload 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
1994ce8.460: supR3HardenedDllNotificationCallback: Unload 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1995ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1996ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1997ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1998ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
1999ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2000ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2001ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2002ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2003ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2004ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2005ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2006ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2007ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2008ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2009ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2010ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2011ce8.460: supR3HardenedDllNotificationCallback: load 6ce50000 LB 0x0080c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2012ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2013ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2014ce8.460: supR3HardenedDllNotificationCallback: load 6cd80000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
2015ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2016ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2017ce8.460: supR3HardenedDllNotificationCallback: load 723d0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
2018ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2019ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
2020ce8.460: supR3HardenedDllNotificationCallback: load 6cc90000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
2021ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
2022ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
2023ce8.460: supR3HardenedDllNotificationCallback: load 723c0000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2024ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
2025ce8.460: supR3HardenedDllNotificationCallback: load 75dd0000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2026ce8.460: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2027ce8.460: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2028ce8.460: supR3HardenedDllNotificationCallback: load 760b0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2029ce8.460: supR3HardenedDllNotificationCallback: load 75cb0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2030ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2031ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2032ce8.460: supR3HardenedDllNotificationCallback: load 73a70000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2033ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2034ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2035ce8.460: supR3HardenedDllNotificationCallback: load 6ca40000 LB 0x00241000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0]
2036ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2037ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2038ce8.460: supR3HardenedDllNotificationCallback: load 72380000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2039ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2040ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2041ce8.460: supR3HardenedDllNotificationCallback: load 6c5c0000 LB 0x00475000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2042ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2043ce8.460: supR3HardenedDllNotificationCallback: load 76850000 LB 0x00c4a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2044ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2045ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2046ce8.460: supR3HardenedDllNotificationCallback: load 75ab0000 LB 0x00012000 C:\Windows\system32\MPR.dll [fFlags=0x0]
2047ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2048ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2049ce8.460: supR3HardenedDllNotificationCallback: load 6c110000 LB 0x004ae000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2050ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2051ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2052ce8.460: supR3HardenedDllNotificationCallback: load 6bcc0000 LB 0x0044d000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2053ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2054ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2055ce8.460: supR3HardenedDllNotificationCallback: load 72330000 LB 0x00044000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2056ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2057ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
2058ce8.460: supR3HardenedDllNotificationCallback: load 71120000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2059ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
2060ce8.460: supR3HardenedDllNotificationCallback: load 77640000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2061ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
2062ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2063ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2064ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2065ce8.460: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll)
2066ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
2067ce8.460: supR3HardenedDllNotificationCallback: load 72120000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll [fFlags=0x0]
2068ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll [avoiding WinVerifyTrust]
2069ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2070ce8.460: supR3HardenedDllNotificationCallback: load 720d0000 LB 0x00046000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2071ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2072ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2073ce8.460: supR3HardenedDllNotificationCallback: load 71e80000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2074ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2075ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll'.
2076ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll' [rescheduled]
2077ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
2078ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rescheduled]
2079ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
2080ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rescheduled]
2081ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
2082ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rescheduled]
2083ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
2084ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rescheduled]
2085ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'.
2086ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rescheduled]
2087ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
2088ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rescheduled]
2089ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
2090ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rescheduled]
2091ce8.460: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
2092ce8.460: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rescheduled]
2093ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2094ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75fc0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2095ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2096ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2097ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2098ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2099ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2100ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2101ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2102ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2103ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76480000 'C:\Windows\system32\imm32.dll'
2104ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767b0000 'C:\Windows\system32\ADVAPI32.DLL'
2105ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2106ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
2107ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=757f0000 'C:\Windows\system32\cryptbase.dll'
2108ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ce50000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2109ce8.460: SUPR3HardenedMain: Calling TrustedMain (6ce51530)...
2110ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760b0000 'C:\Windows\system32\ole32.dll'
2111ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767b0000 'C:\Windows\system32\ADVAPI32.dll'
2112ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2113ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2114ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76850000 'C:\Windows\system32\shell32.dll'
2115ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75dd0000 'C:\Windows\system32\setupapi.dll'
2116ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72700000 'C:\Windows\system32\Cabinet.dll'
2117ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=750b0000 'C:\Windows\system32\DEVRTL.dll'
2118ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
2119ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
2120ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
2121ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2122ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
2123ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2124ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2125ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2126ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2127ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2128ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2129ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2130ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2131ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2132ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2133ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2134ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2135ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2136ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2137ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2138ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2139ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2140ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2141ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2142ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2143ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2144ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2145ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2146ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2147ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2148ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2149ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2150ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2151ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2152ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2153ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2154ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2155ce8.460: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2156ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2157ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2158ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2159ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2160ce8.460: supR3HardenedDllNotificationCallback: load 6bbd0000 LB 0x000ee000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2161ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2162ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bbd0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2163ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000052c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2164ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0087bbf0
2165ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0087bbf0
2166ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD
2167ce8.460: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2168ce8.460: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2169ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2170ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2171ce8.460: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2172ce8.460: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2173ce8.460: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2174ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2175ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2176ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2177ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2178ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2179ce8.460: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2180ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0095a7f4:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2181ce8.460: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2182ce8.460: supR3HardenedDllNotificationCallback: load 73da0000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2183ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2184ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73da0000 'C:\Windows\system32\uxtheme.dll'
2185ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2186ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0095a7f4:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2187ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73da0000 'C:\Windows\system32\uxtheme.dll'
2188ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2189ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0095a7f4:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2190ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73da0000 'C:\Windows\system32\uxtheme.dll'
2191ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2192ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0095a7f4:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2193ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73da0000 'C:\Windows\system32\uxtheme.dll'
2194ce8.460: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2195ce8.460: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0086275c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
2196ce8.460: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=757f0000 'C:\Windows\system32\CRYPTBASE.dll'
2197590.6c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2922 ms, the end);
219823c.938: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3399 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy