VirtualBox

Ticket #15968: VBoxHardening.log

File VBoxHardening.log, 240.6 KB (added by DenJed, 8 years ago)

VBoxHardening.log

Line 
1db4c.1664: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2db4c.1664: \SystemRoot\System32\ntdll.dll:
3db4c.1664: CreationTime: 2015-11-21T14:15:17.185097600Z
4db4c.1664: LastWriteTime: 2015-10-20T01:09:05.164170200Z
5db4c.1664: ChangeTime: 2015-11-21T15:42:35.700119400Z
6db4c.1664: FileAttributes: 0x20
7db4c.1664: Size: 0x1a67c0
8db4c.1664: NT Headers: 0xe0
9db4c.1664: Timestamp: 0x56259295
10db4c.1664: Machine: 0x8664 - amd64
11db4c.1664: Timestamp: 0x56259295
12db4c.1664: Image Version: 6.1
13db4c.1664: SizeOfImage: 0x1a9000 (1740800)
14db4c.1664: Resource Dir: 0x14d000 LB 0x5a028
15db4c.1664: ProductName: Microsoft® Windows® Operating System
16db4c.1664: ProductVersion: 6.1.7601.19045
17db4c.1664: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
18db4c.1664: FileDescription: NT Layer DLL
19db4c.1664: \SystemRoot\System32\kernel32.dll:
20db4c.1664: CreationTime: 2015-11-21T14:15:16.741041200Z
21db4c.1664: LastWriteTime: 2015-10-20T01:05:40.819000000Z
22db4c.1664: ChangeTime: 2015-11-21T15:42:35.778119500Z
23db4c.1664: FileAttributes: 0x20
24db4c.1664: Size: 0x11c600
25db4c.1664: NT Headers: 0xe8
26db4c.1664: Timestamp: 0x56259270
27db4c.1664: Machine: 0x8664 - amd64
28db4c.1664: Timestamp: 0x56259270
29db4c.1664: Image Version: 6.1
30db4c.1664: SizeOfImage: 0x120000 (1179648)
31db4c.1664: Resource Dir: 0x117000 LB 0x528
32db4c.1664: ProductName: Microsoft® Windows® Operating System
33db4c.1664: ProductVersion: 6.1.7601.19045
34db4c.1664: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
35db4c.1664: FileDescription: Windows NT BASE API Client DLL
36db4c.1664: \SystemRoot\System32\KernelBase.dll:
37db4c.1664: CreationTime: 2015-11-21T14:15:16.693035100Z
38db4c.1664: LastWriteTime: 2015-10-20T01:05:40.819000000Z
39db4c.1664: ChangeTime: 2015-11-21T15:42:35.778119500Z
40db4c.1664: FileAttributes: 0x20
41db4c.1664: Size: 0x67c00
42db4c.1664: NT Headers: 0xe8
43db4c.1664: Timestamp: 0x56259271
44db4c.1664: Machine: 0x8664 - amd64
45db4c.1664: Timestamp: 0x56259271
46db4c.1664: Image Version: 6.1
47db4c.1664: SizeOfImage: 0x6c000 (442368)
48db4c.1664: Resource Dir: 0x6a000 LB 0x530
49db4c.1664: ProductName: Microsoft® Windows® Operating System
50db4c.1664: ProductVersion: 6.1.7601.19045
51db4c.1664: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
52db4c.1664: FileDescription: Windows NT BASE API Client DLL
53db4c.1664: \SystemRoot\System32\apisetschema.dll:
54db4c.1664: CreationTime: 2015-11-21T14:15:16.142965300Z
55db4c.1664: LastWriteTime: 2015-10-20T00:53:47.280000000Z
56db4c.1664: ChangeTime: 2015-11-21T15:42:35.700119400Z
57db4c.1664: FileAttributes: 0x20
58db4c.1664: Size: 0x1a00
59db4c.1664: NT Headers: 0xc0
60db4c.1664: Timestamp: 0x562590e2
61db4c.1664: Machine: 0x8664 - amd64
62db4c.1664: Timestamp: 0x562590e2
63db4c.1664: Image Version: 6.1
64db4c.1664: SizeOfImage: 0x50000 (327680)
65db4c.1664: Resource Dir: 0x30000 LB 0x3f8
66db4c.1664: ProductName: Microsoft® Windows® Operating System
67db4c.1664: ProductVersion: 6.1.7601.19045
68db4c.1664: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
69db4c.1664: FileDescription: ApiSet Schema DLL
70db4c.1664: supR3HardenedWinFindAdversaries: 0x80
71db4c.1664: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
72db4c.1664: CreationTime: 2016-03-26T07:06:34.037695200Z
73db4c.1664: LastWriteTime: 2016-07-29T18:39:09.104152200Z
74db4c.1664: ChangeTime: 2016-07-29T18:39:09.104152200Z
75db4c.1664: FileAttributes: 0x20
76db4c.1664: Size: 0x2eed8
77db4c.1664: NT Headers: 0xe0
78db4c.1664: Timestamp: 0x55b855d9
79db4c.1664: Machine: 0x8664 - amd64
80db4c.1664: Timestamp: 0x55b855d9
81db4c.1664: Image Version: 6.1
82db4c.1664: SizeOfImage: 0x33000 (208896)
83db4c.1664: Resource Dir: 0x31000 LB 0x3b8
84db4c.1664: ProductName: Malwarebytes Anti-Malware
85db4c.1664: ProductVersion: 0.3.0.0
86db4c.1664: FileVersion: 0.3.0.0
87db4c.1664: FileDescription: Malwarebytes Anti-Malware
88db4c.1664: \SystemRoot\System32\drivers\mwac.sys:
89db4c.1664: CreationTime: 2016-03-26T07:06:12.861506100Z
90db4c.1664: LastWriteTime: 2016-03-10T11:09:06.000000000Z
91db4c.1664: ChangeTime: 2016-07-29T18:37:45.410524500Z
92db4c.1664: FileAttributes: 0x20
93db4c.1664: Size: 0xfd80
94db4c.1664: NT Headers: 0xf8
95db4c.1664: Timestamp: 0x53a0f42a
96db4c.1664: Machine: 0x8664 - amd64
97db4c.1664: Timestamp: 0x53a0f42a
98db4c.1664: Image Version: 6.2
99db4c.1664: SizeOfImage: 0x12000 (73728)
100db4c.1664: Resource Dir: 0x10000 LB 0x3e0
101db4c.1664: ProductName: Malwarebytes Web Access Control
102db4c.1664: ProductVersion: 1.0.6.0
103db4c.1664: FileVersion: 1.0.6.0
104db4c.1664: FileDescription: Malwarebytes Web Access Control
105db4c.1664: \SystemRoot\System32\drivers\mbamchameleon.sys:
106db4c.1664: CreationTime: 2016-03-26T07:06:12.872507500Z
107db4c.1664: LastWriteTime: 2016-03-10T11:08:58.000000000Z
108db4c.1664: ChangeTime: 2016-07-29T18:37:45.424026200Z
109db4c.1664: FileAttributes: 0x20
110db4c.1664: Size: 0x22580
111db4c.1664: NT Headers: 0xe0
112db4c.1664: Timestamp: 0x56a95753
113db4c.1664: Machine: 0x8664 - amd64
114db4c.1664: Timestamp: 0x56a95753
115db4c.1664: Image Version: 6.1
116db4c.1664: SizeOfImage: 0x26000 (155648)
117db4c.1664: Resource Dir: 0x24000 LB 0xba8
118db4c.1664: ProductName: Malwarebytes Chameleon
119db4c.1664: ProductVersion: 1.1.22.0
120db4c.1664: FileVersion: 1.1.22.0
121db4c.1664: FileDescription: Malwarebytes Chameleon Protection Driver
122db4c.1664: \SystemRoot\System32\drivers\mbam.sys:
123db4c.1664: CreationTime: 2016-03-26T07:06:12.857005600Z
124db4c.1664: LastWriteTime: 2016-03-10T11:08:54.000000000Z
125db4c.1664: ChangeTime: 2016-07-29T18:37:45.402523500Z
126db4c.1664: FileAttributes: 0x20
127db4c.1664: Size: 0x6980
128db4c.1664: NT Headers: 0xd8
129db4c.1664: Timestamp: 0x55ca3257
130db4c.1664: Machine: 0x8664 - amd64
131db4c.1664: Timestamp: 0x55ca3257
132db4c.1664: Image Version: 6.1
133db4c.1664: SizeOfImage: 0xa000 (40960)
134db4c.1664: Resource Dir: 0x8000 LB 0x3a0
135db4c.1664: ProductName: Malwarebytes Anti-Malware
136db4c.1664: ProductVersion: 0.1.16.0
137db4c.1664: FileVersion: 0.1.16.0
138db4c.1664: FileDescription: Malwarebytes Anti-Malware
139db4c.1664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
140db4c.1664: Calling main()
141db4c.1664: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
142db4c.1664: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
143db4c.1664: SUPR3HardenedMain: Respawn #1
144db4c.1664: System32: \Device\HarddiskVolume2\Windows\System32
145db4c.1664: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
146db4c.1664: KnownDllPath: C:\Windows\system32
147db4c.1664: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
148db4c.1664: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
149db4c.1664: supR3HardNtEnableThreadCreation:
150db4c.1664: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f5b630 pvNtTerminateThread=0000000076f7dee0
151db4c.1664: supR3HardenedWinDoReSpawn(1): New child e9bc.c8f8 [kernel32].
152db4c.1664: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
153db4c.1664: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f30000 uNtDllChildAddr=0000000076f30000
154db4c.1664: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f5b630
155db4c.1664: supR3HardenedWinSetupChildInit: Start child.
156db4c.1664: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
157db4c.1664: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
158db4c.1664: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
159db4c.1664: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
160db4c.1664: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
161db4c.1664: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
162db4c.1664: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
163db4c.1664: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
164db4c.1664: 0000000000041000-0000000000001fff 0x0001/0x0000 0x0000000
165db4c.1664: *0000000000080000-fffffffffff83fff 0x0000/0x0004 0x0020000
166db4c.1664: 000000000017c000-0000000000179fff 0x0104/0x0004 0x0020000
167db4c.1664: 000000000017e000-000000000017bfff 0x0004/0x0004 0x0020000
168db4c.1664: 0000000000180000-ffffffff893cffff 0x0001/0x0000 0x0000000
169db4c.1664: *0000000076f30000-0000000076f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
170db4c.1664: 0000000076f31000-000000007702efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
171db4c.1664: 000000007702f000-000000007705dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
172db4c.1664: 000000007705e000-0000000077065fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
173db4c.1664: 0000000077066000-0000000077066fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
174db4c.1664: 0000000077067000-0000000077069fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
175db4c.1664: 000000007706a000-00000000770d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
176db4c.1664: 00000000770d9000-000000006f1d1fff 0x0001/0x0000 0x0000000
177db4c.1664: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
178db4c.1664: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
179db4c.1664: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
180db4c.1664: 000000007fff0000-ffffffffc088ffff 0x0001/0x0000 0x0000000
181db4c.1664: *000000013f750000-000000013f750fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
182db4c.1664: 000000013f751000-000000013f7bffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
183db4c.1664: 000000013f7c0000-000000013f7c0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
184db4c.1664: 000000013f7c1000-000000013f805fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
185db4c.1664: 000000013f806000-000000013f806fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
186db4c.1664: 000000013f807000-000000013f807fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
187db4c.1664: 000000013f808000-000000013f80cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
188db4c.1664: 000000013f80d000-000000013f80dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
189db4c.1664: 000000013f80e000-000000013f80efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
190db4c.1664: 000000013f80f000-000000013f812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
191db4c.1664: 000000013f813000-000000013f85afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
192db4c.1664: 000000013f85b000-fffff8037fe65fff 0x0001/0x0000 0x0000000
193db4c.1664: *000007feff250000-000007feff250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
194db4c.1664: 000007feff251000-000007fdfe4f1fff 0x0001/0x0000 0x0000000
195db4c.1664: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
196db4c.1664: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000
197db4c.1664: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000
198db4c.1664: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000
199db4c.1664: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
200db4c.1664: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
201db4c.1664: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
202db4c.1664: VirtualBox.exe: timestamp 0x57d6d53c (rc=VINF_SUCCESS)
203db4c.1664: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
204db4c.1664: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
205db4c.1664: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
206db4c.1664: supR3HardNtChildPurify: Done after 557 ms and 0 fixes (loop #0).
207e9bc.c8f8: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
208e9bc.c8f8: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f30000 g_uNtVerCombined=0x611db100
209e9bc.c8f8: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
210e9bc.c8f8: New simple heap: #1 0000000000280000 LB 0x400000 (for 1740800 allocation)
211db4c.1664: supR3HardNtEnableThreadCreation:
212e9bc.c8f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
213e9bc.c8f8: System32: \Device\HarddiskVolume2\Windows\System32
214e9bc.c8f8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
215e9bc.c8f8: KnownDllPath: C:\Windows\system32
216e9bc.c8f8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
217e9bc.c8f8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
218e9bc.c8f8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
219e9bc.c8f8: Registered Dll notification callback with NTDLL.
220e9bc.c8f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
221e9bc.c8f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
222e9bc.c8f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
223e9bc.c8f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
224e9bc.c8f8: supR3HardenedDllNotificationCallback: load 0000000076e10000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
225e9bc.c8f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
226e9bc.c8f8: supR3HardenedDllNotificationCallback: load 000007fefccf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
227e9bc.c8f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
228e9bc.c8f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
229e9bc.c8f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e10000 'C:\Windows\system32\kernel32.dll'
230e9bc.c8f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f5b630 pvNtTerminateThread=0000000076f7dee0
231db4c.1664: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 41 ms.
232e9bc.c8f8: \SystemRoot\System32\ntdll.dll:
233e9bc.c8f8: CreationTime: 2015-11-21T14:15:17.185097600Z
234e9bc.c8f8: LastWriteTime: 2015-10-20T01:09:05.164170200Z
235e9bc.c8f8: ChangeTime: 2015-11-21T15:42:35.700119400Z
236e9bc.c8f8: FileAttributes: 0x20
237e9bc.c8f8: Size: 0x1a67c0
238e9bc.c8f8: NT Headers: 0xe0
239e9bc.c8f8: Timestamp: 0x56259295
240e9bc.c8f8: Machine: 0x8664 - amd64
241e9bc.c8f8: Timestamp: 0x56259295
242e9bc.c8f8: Image Version: 6.1
243e9bc.c8f8: SizeOfImage: 0x1a9000 (1740800)
244e9bc.c8f8: Resource Dir: 0x14d000 LB 0x5a028
245e9bc.c8f8: ProductName: Microsoft® Windows® Operating System
246e9bc.c8f8: ProductVersion: 6.1.7601.19045
247e9bc.c8f8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
248e9bc.c8f8: FileDescription: NT Layer DLL
249e9bc.c8f8: \SystemRoot\System32\kernel32.dll:
250e9bc.c8f8: CreationTime: 2015-11-21T14:15:16.741041200Z
251e9bc.c8f8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
252e9bc.c8f8: ChangeTime: 2015-11-21T15:42:35.778119500Z
253e9bc.c8f8: FileAttributes: 0x20
254e9bc.c8f8: Size: 0x11c600
255e9bc.c8f8: NT Headers: 0xe8
256e9bc.c8f8: Timestamp: 0x56259270
257e9bc.c8f8: Machine: 0x8664 - amd64
258e9bc.c8f8: Timestamp: 0x56259270
259e9bc.c8f8: Image Version: 6.1
260e9bc.c8f8: SizeOfImage: 0x120000 (1179648)
261e9bc.c8f8: Resource Dir: 0x117000 LB 0x528
262e9bc.c8f8: ProductName: Microsoft® Windows® Operating System
263e9bc.c8f8: ProductVersion: 6.1.7601.19045
264e9bc.c8f8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
265e9bc.c8f8: FileDescription: Windows NT BASE API Client DLL
266e9bc.c8f8: \SystemRoot\System32\KernelBase.dll:
267e9bc.c8f8: CreationTime: 2015-11-21T14:15:16.693035100Z
268e9bc.c8f8: LastWriteTime: 2015-10-20T01:05:40.819000000Z
269e9bc.c8f8: ChangeTime: 2015-11-21T15:42:35.778119500Z
270e9bc.c8f8: FileAttributes: 0x20
271e9bc.c8f8: Size: 0x67c00
272e9bc.c8f8: NT Headers: 0xe8
273e9bc.c8f8: Timestamp: 0x56259271
274e9bc.c8f8: Machine: 0x8664 - amd64
275e9bc.c8f8: Timestamp: 0x56259271
276e9bc.c8f8: Image Version: 6.1
277e9bc.c8f8: SizeOfImage: 0x6c000 (442368)
278e9bc.c8f8: Resource Dir: 0x6a000 LB 0x530
279e9bc.c8f8: ProductName: Microsoft® Windows® Operating System
280e9bc.c8f8: ProductVersion: 6.1.7601.19045
281e9bc.c8f8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
282e9bc.c8f8: FileDescription: Windows NT BASE API Client DLL
283e9bc.c8f8: \SystemRoot\System32\apisetschema.dll:
284e9bc.c8f8: CreationTime: 2015-11-21T14:15:16.142965300Z
285e9bc.c8f8: LastWriteTime: 2015-10-20T00:53:47.280000000Z
286e9bc.c8f8: ChangeTime: 2015-11-21T15:42:35.700119400Z
287e9bc.c8f8: FileAttributes: 0x20
288e9bc.c8f8: Size: 0x1a00
289e9bc.c8f8: NT Headers: 0xc0
290e9bc.c8f8: Timestamp: 0x562590e2
291e9bc.c8f8: Machine: 0x8664 - amd64
292e9bc.c8f8: Timestamp: 0x562590e2
293e9bc.c8f8: Image Version: 6.1
294e9bc.c8f8: SizeOfImage: 0x50000 (327680)
295e9bc.c8f8: Resource Dir: 0x30000 LB 0x3f8
296e9bc.c8f8: ProductName: Microsoft® Windows® Operating System
297e9bc.c8f8: ProductVersion: 6.1.7601.19045
298e9bc.c8f8: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
299e9bc.c8f8: FileDescription: ApiSet Schema DLL
300e9bc.c8f8: supR3HardenedWinFindAdversaries: 0x80
301e9bc.c8f8: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
302e9bc.c8f8: CreationTime: 2016-03-26T07:06:34.037695200Z
303e9bc.c8f8: LastWriteTime: 2016-07-29T18:39:09.104152200Z
304e9bc.c8f8: ChangeTime: 2016-07-29T18:39:09.104152200Z
305e9bc.c8f8: FileAttributes: 0x20
306e9bc.c8f8: Size: 0x2eed8
307e9bc.c8f8: NT Headers: 0xe0
308e9bc.c8f8: Timestamp: 0x55b855d9
309e9bc.c8f8: Machine: 0x8664 - amd64
310e9bc.c8f8: Timestamp: 0x55b855d9
311e9bc.c8f8: Image Version: 6.1
312e9bc.c8f8: SizeOfImage: 0x33000 (208896)
313e9bc.c8f8: Resource Dir: 0x31000 LB 0x3b8
314e9bc.c8f8: ProductName: Malwarebytes Anti-Malware
315e9bc.c8f8: ProductVersion: 0.3.0.0
316e9bc.c8f8: FileVersion: 0.3.0.0
317e9bc.c8f8: FileDescription: Malwarebytes Anti-Malware
318e9bc.c8f8: \SystemRoot\System32\drivers\mwac.sys:
319e9bc.c8f8: CreationTime: 2016-03-26T07:06:12.861506100Z
320e9bc.c8f8: LastWriteTime: 2016-03-10T11:09:06.000000000Z
321e9bc.c8f8: ChangeTime: 2016-07-29T18:37:45.410524500Z
322e9bc.c8f8: FileAttributes: 0x20
323e9bc.c8f8: Size: 0xfd80
324e9bc.c8f8: NT Headers: 0xf8
325e9bc.c8f8: Timestamp: 0x53a0f42a
326e9bc.c8f8: Machine: 0x8664 - amd64
327e9bc.c8f8: Timestamp: 0x53a0f42a
328e9bc.c8f8: Image Version: 6.2
329e9bc.c8f8: SizeOfImage: 0x12000 (73728)
330e9bc.c8f8: Resource Dir: 0x10000 LB 0x3e0
331e9bc.c8f8: ProductName: Malwarebytes Web Access Control
332e9bc.c8f8: ProductVersion: 1.0.6.0
333e9bc.c8f8: FileVersion: 1.0.6.0
334e9bc.c8f8: FileDescription: Malwarebytes Web Access Control
335e9bc.c8f8: \SystemRoot\System32\drivers\mbamchameleon.sys:
336e9bc.c8f8: CreationTime: 2016-03-26T07:06:12.872507500Z
337e9bc.c8f8: LastWriteTime: 2016-03-10T11:08:58.000000000Z
338e9bc.c8f8: ChangeTime: 2016-07-29T18:37:45.424026200Z
339e9bc.c8f8: FileAttributes: 0x20
340e9bc.c8f8: Size: 0x22580
341e9bc.c8f8: NT Headers: 0xe0
342e9bc.c8f8: Timestamp: 0x56a95753
343e9bc.c8f8: Machine: 0x8664 - amd64
344e9bc.c8f8: Timestamp: 0x56a95753
345e9bc.c8f8: Image Version: 6.1
346e9bc.c8f8: SizeOfImage: 0x26000 (155648)
347e9bc.c8f8: Resource Dir: 0x24000 LB 0xba8
348e9bc.c8f8: ProductName: Malwarebytes Chameleon
349e9bc.c8f8: ProductVersion: 1.1.22.0
350e9bc.c8f8: FileVersion: 1.1.22.0
351e9bc.c8f8: FileDescription: Malwarebytes Chameleon Protection Driver
352e9bc.c8f8: \SystemRoot\System32\drivers\mbam.sys:
353e9bc.c8f8: CreationTime: 2016-03-26T07:06:12.857005600Z
354e9bc.c8f8: LastWriteTime: 2016-03-10T11:08:54.000000000Z
355e9bc.c8f8: ChangeTime: 2016-07-29T18:37:45.402523500Z
356e9bc.c8f8: FileAttributes: 0x20
357e9bc.c8f8: Size: 0x6980
358e9bc.c8f8: NT Headers: 0xd8
359e9bc.c8f8: Timestamp: 0x55ca3257
360e9bc.c8f8: Machine: 0x8664 - amd64
361e9bc.c8f8: Timestamp: 0x55ca3257
362e9bc.c8f8: Image Version: 6.1
363e9bc.c8f8: SizeOfImage: 0xa000 (40960)
364e9bc.c8f8: Resource Dir: 0x8000 LB 0x3a0
365e9bc.c8f8: ProductName: Malwarebytes Anti-Malware
366e9bc.c8f8: ProductVersion: 0.1.16.0
367e9bc.c8f8: FileVersion: 0.1.16.0
368e9bc.c8f8: FileDescription: Malwarebytes Anti-Malware
369e9bc.c8f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
370e9bc.c8f8: Calling main()
371e9bc.c8f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
372e9bc.c8f8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
373e9bc.c8f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
374e9bc.c8f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
375e9bc.c8f8: SUPR3HardenedMain: Respawn #2
376e9bc.c8f8: supR3HardNtEnableThreadCreation:
377e9bc.c8f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
378e9bc.c8f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
379e9bc.c8f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
380e9bc.c8f8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
381e9bc.c8f8: supR3HardenedDllNotificationCallback: load 000007fefcad0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
382e9bc.c8f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
383e9bc.c8f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcad0000 'C:\Windows\system32\apphelp.dll'
384e9bc.c8f8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f5b630 pvNtTerminateThread=0000000076f7dee0
385e9bc.c8f8: supR3HardenedWinDoReSpawn(2): New child 63ec.74e4 [kernel32].
386e9bc.c8f8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
387e9bc.c8f8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076f30000 uNtDllChildAddr=0000000076f30000
388e9bc.c8f8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076f5b630
389e9bc.c8f8: supR3HardenedWinSetupChildInit: Start child.
390e9bc.c8f8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
391e9bc.c8f8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 64 sleeps
392e9bc.c8f8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
393e9bc.c8f8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
394e9bc.c8f8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
395e9bc.c8f8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
396e9bc.c8f8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
397e9bc.c8f8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
398e9bc.c8f8: 0000000000041000-fffffffffffc1fff 0x0001/0x0000 0x0000000
399e9bc.c8f8: *00000000000c0000-fffffffffffc3fff 0x0000/0x0004 0x0020000
400e9bc.c8f8: 00000000001bc000-00000000001b9fff 0x0104/0x0004 0x0020000
401e9bc.c8f8: 00000000001be000-00000000001bbfff 0x0004/0x0004 0x0020000
402e9bc.c8f8: 00000000001c0000-ffffffff8944ffff 0x0001/0x0000 0x0000000
403e9bc.c8f8: *0000000076f30000-0000000076f30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
404e9bc.c8f8: 0000000076f31000-000000007702efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
405e9bc.c8f8: 000000007702f000-000000007705dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
406e9bc.c8f8: 000000007705e000-0000000077065fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
407e9bc.c8f8: 0000000077066000-0000000077066fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
408e9bc.c8f8: 0000000077067000-0000000077069fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
409e9bc.c8f8: 000000007706a000-00000000770d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
410e9bc.c8f8: 00000000770d9000-000000006f1d1fff 0x0001/0x0000 0x0000000
411e9bc.c8f8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
412e9bc.c8f8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
413e9bc.c8f8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
414e9bc.c8f8: 000000007fff0000-ffffffffc088ffff 0x0001/0x0000 0x0000000
415e9bc.c8f8: *000000013f750000-000000013f750fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
416e9bc.c8f8: 000000013f751000-000000013f7bffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
417e9bc.c8f8: 000000013f7c0000-000000013f7c0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
418e9bc.c8f8: 000000013f7c1000-000000013f805fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
419e9bc.c8f8: 000000013f806000-000000013f806fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
420e9bc.c8f8: 000000013f807000-000000013f807fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
421e9bc.c8f8: 000000013f808000-000000013f80cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
422e9bc.c8f8: 000000013f80d000-000000013f80dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
423e9bc.c8f8: 000000013f80e000-000000013f80efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
424e9bc.c8f8: 000000013f80f000-000000013f812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
425e9bc.c8f8: 000000013f813000-000000013f85afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
426e9bc.c8f8: 000000013f85b000-fffff8037fe65fff 0x0001/0x0000 0x0000000
427e9bc.c8f8: *000007feff250000-000007feff250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
428e9bc.c8f8: 000007feff251000-000007fdfe4f1fff 0x0001/0x0000 0x0000000
429e9bc.c8f8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
430e9bc.c8f8: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
431e9bc.c8f8: *000007fffffdd000-000007fffffdbfff 0x0004/0x0004 0x0020000
432e9bc.c8f8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
433e9bc.c8f8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
434e9bc.c8f8: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
435e9bc.c8f8: VirtualBox.exe: timestamp 0x57d6d53c (rc=VINF_SUCCESS)
436e9bc.c8f8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
437e9bc.c8f8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
438e9bc.c8f8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
439e9bc.c8f8: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
44063ec.74e4: Log file opened: 5.1.6r110634 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
44163ec.74e4: supR3HardenedVmProcessInit: uNtDllAddr=0000000076f30000 g_uNtVerCombined=0x611db100
44263ec.74e4: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
44363ec.74e4: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1740800 allocation)
444e9bc.c8f8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
445e9bc.c8f8: supR3HardNtEnableThreadCreation:
44663ec.74e4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
44763ec.74e4: System32: \Device\HarddiskVolume2\Windows\System32
44863ec.74e4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
44963ec.74e4: KnownDllPath: C:\Windows\system32
45063ec.74e4: supR3HardenedVmProcessInit: Opening vboxdrv...
45163ec.74e4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
45263ec.74e4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
45363ec.74e4: Registered Dll notification callback with NTDLL.
45463ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
45563ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
45663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
45763ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
45863ec.74e4: supR3HardenedDllNotificationCallback: load 0000000076e10000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
45963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
46063ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefccf0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
46163ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
46263ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
46363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e10000 'C:\Windows\system32\kernel32.dll'
46463ec.74e4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076f5b630 pvNtTerminateThread=0000000076f7dee0
465e9bc.c8f8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 51 ms.
46663ec.74e4: \SystemRoot\System32\ntdll.dll:
46763ec.74e4: CreationTime: 2015-11-21T14:15:17.185097600Z
46863ec.74e4: LastWriteTime: 2015-10-20T01:09:05.164170200Z
46963ec.74e4: ChangeTime: 2015-11-21T15:42:35.700119400Z
47063ec.74e4: FileAttributes: 0x20
47163ec.74e4: Size: 0x1a67c0
47263ec.74e4: NT Headers: 0xe0
47363ec.74e4: Timestamp: 0x56259295
47463ec.74e4: Machine: 0x8664 - amd64
47563ec.74e4: Timestamp: 0x56259295
47663ec.74e4: Image Version: 6.1
47763ec.74e4: SizeOfImage: 0x1a9000 (1740800)
47863ec.74e4: Resource Dir: 0x14d000 LB 0x5a028
47963ec.74e4: ProductName: Microsoft® Windows® Operating System
48063ec.74e4: ProductVersion: 6.1.7601.19045
48163ec.74e4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
48263ec.74e4: FileDescription: NT Layer DLL
48363ec.74e4: \SystemRoot\System32\kernel32.dll:
48463ec.74e4: CreationTime: 2015-11-21T14:15:16.741041200Z
48563ec.74e4: LastWriteTime: 2015-10-20T01:05:40.819000000Z
48663ec.74e4: ChangeTime: 2015-11-21T15:42:35.778119500Z
48763ec.74e4: FileAttributes: 0x20
48863ec.74e4: Size: 0x11c600
48963ec.74e4: NT Headers: 0xe8
49063ec.74e4: Timestamp: 0x56259270
49163ec.74e4: Machine: 0x8664 - amd64
49263ec.74e4: Timestamp: 0x56259270
49363ec.74e4: Image Version: 6.1
49463ec.74e4: SizeOfImage: 0x120000 (1179648)
49563ec.74e4: Resource Dir: 0x117000 LB 0x528
49663ec.74e4: ProductName: Microsoft® Windows® Operating System
49763ec.74e4: ProductVersion: 6.1.7601.19045
49863ec.74e4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
49963ec.74e4: FileDescription: Windows NT BASE API Client DLL
50063ec.74e4: \SystemRoot\System32\KernelBase.dll:
50163ec.74e4: CreationTime: 2015-11-21T14:15:16.693035100Z
50263ec.74e4: LastWriteTime: 2015-10-20T01:05:40.819000000Z
50363ec.74e4: ChangeTime: 2015-11-21T15:42:35.778119500Z
50463ec.74e4: FileAttributes: 0x20
50563ec.74e4: Size: 0x67c00
50663ec.74e4: NT Headers: 0xe8
50763ec.74e4: Timestamp: 0x56259271
50863ec.74e4: Machine: 0x8664 - amd64
50963ec.74e4: Timestamp: 0x56259271
51063ec.74e4: Image Version: 6.1
51163ec.74e4: SizeOfImage: 0x6c000 (442368)
51263ec.74e4: Resource Dir: 0x6a000 LB 0x530
51363ec.74e4: ProductName: Microsoft® Windows® Operating System
51463ec.74e4: ProductVersion: 6.1.7601.19045
51563ec.74e4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
51663ec.74e4: FileDescription: Windows NT BASE API Client DLL
51763ec.74e4: \SystemRoot\System32\apisetschema.dll:
51863ec.74e4: CreationTime: 2015-11-21T14:15:16.142965300Z
51963ec.74e4: LastWriteTime: 2015-10-20T00:53:47.280000000Z
52063ec.74e4: ChangeTime: 2015-11-21T15:42:35.700119400Z
52163ec.74e4: FileAttributes: 0x20
52263ec.74e4: Size: 0x1a00
52363ec.74e4: NT Headers: 0xc0
52463ec.74e4: Timestamp: 0x562590e2
52563ec.74e4: Machine: 0x8664 - amd64
52663ec.74e4: Timestamp: 0x562590e2
52763ec.74e4: Image Version: 6.1
52863ec.74e4: SizeOfImage: 0x50000 (327680)
52963ec.74e4: Resource Dir: 0x30000 LB 0x3f8
53063ec.74e4: ProductName: Microsoft® Windows® Operating System
53163ec.74e4: ProductVersion: 6.1.7601.19045
53263ec.74e4: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
53363ec.74e4: FileDescription: ApiSet Schema DLL
53463ec.74e4: supR3HardenedWinFindAdversaries: 0x80
53563ec.74e4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
53663ec.74e4: CreationTime: 2016-03-26T07:06:34.037695200Z
53763ec.74e4: LastWriteTime: 2016-07-29T18:39:09.104152200Z
53863ec.74e4: ChangeTime: 2016-07-29T18:39:09.104152200Z
53963ec.74e4: FileAttributes: 0x20
54063ec.74e4: Size: 0x2eed8
54163ec.74e4: NT Headers: 0xe0
54263ec.74e4: Timestamp: 0x55b855d9
54363ec.74e4: Machine: 0x8664 - amd64
54463ec.74e4: Timestamp: 0x55b855d9
54563ec.74e4: Image Version: 6.1
54663ec.74e4: SizeOfImage: 0x33000 (208896)
54763ec.74e4: Resource Dir: 0x31000 LB 0x3b8
54863ec.74e4: ProductName: Malwarebytes Anti-Malware
54963ec.74e4: ProductVersion: 0.3.0.0
55063ec.74e4: FileVersion: 0.3.0.0
55163ec.74e4: FileDescription: Malwarebytes Anti-Malware
55263ec.74e4: \SystemRoot\System32\drivers\mwac.sys:
55363ec.74e4: CreationTime: 2016-03-26T07:06:12.861506100Z
55463ec.74e4: LastWriteTime: 2016-03-10T11:09:06.000000000Z
55563ec.74e4: ChangeTime: 2016-07-29T18:37:45.410524500Z
55663ec.74e4: FileAttributes: 0x20
55763ec.74e4: Size: 0xfd80
55863ec.74e4: NT Headers: 0xf8
55963ec.74e4: Timestamp: 0x53a0f42a
56063ec.74e4: Machine: 0x8664 - amd64
56163ec.74e4: Timestamp: 0x53a0f42a
56263ec.74e4: Image Version: 6.2
56363ec.74e4: SizeOfImage: 0x12000 (73728)
56463ec.74e4: Resource Dir: 0x10000 LB 0x3e0
56563ec.74e4: ProductName: Malwarebytes Web Access Control
56663ec.74e4: ProductVersion: 1.0.6.0
56763ec.74e4: FileVersion: 1.0.6.0
56863ec.74e4: FileDescription: Malwarebytes Web Access Control
56963ec.74e4: \SystemRoot\System32\drivers\mbamchameleon.sys:
57063ec.74e4: CreationTime: 2016-03-26T07:06:12.872507500Z
57163ec.74e4: LastWriteTime: 2016-03-10T11:08:58.000000000Z
57263ec.74e4: ChangeTime: 2016-07-29T18:37:45.424026200Z
57363ec.74e4: FileAttributes: 0x20
57463ec.74e4: Size: 0x22580
57563ec.74e4: NT Headers: 0xe0
57663ec.74e4: Timestamp: 0x56a95753
57763ec.74e4: Machine: 0x8664 - amd64
57863ec.74e4: Timestamp: 0x56a95753
57963ec.74e4: Image Version: 6.1
58063ec.74e4: SizeOfImage: 0x26000 (155648)
58163ec.74e4: Resource Dir: 0x24000 LB 0xba8
58263ec.74e4: ProductName: Malwarebytes Chameleon
58363ec.74e4: ProductVersion: 1.1.22.0
58463ec.74e4: FileVersion: 1.1.22.0
58563ec.74e4: FileDescription: Malwarebytes Chameleon Protection Driver
58663ec.74e4: \SystemRoot\System32\drivers\mbam.sys:
58763ec.74e4: CreationTime: 2016-03-26T07:06:12.857005600Z
58863ec.74e4: LastWriteTime: 2016-03-10T11:08:54.000000000Z
58963ec.74e4: ChangeTime: 2016-07-29T18:37:45.402523500Z
59063ec.74e4: FileAttributes: 0x20
59163ec.74e4: Size: 0x6980
59263ec.74e4: NT Headers: 0xd8
59363ec.74e4: Timestamp: 0x55ca3257
59463ec.74e4: Machine: 0x8664 - amd64
59563ec.74e4: Timestamp: 0x55ca3257
59663ec.74e4: Image Version: 6.1
59763ec.74e4: SizeOfImage: 0xa000 (40960)
59863ec.74e4: Resource Dir: 0x8000 LB 0x3a0
59963ec.74e4: ProductName: Malwarebytes Anti-Malware
60063ec.74e4: ProductVersion: 0.1.16.0
60163ec.74e4: FileVersion: 0.1.16.0
60263ec.74e4: FileDescription: Malwarebytes Anti-Malware
60363ec.74e4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
60463ec.74e4: Calling main()
60563ec.74e4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
60663ec.74e4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
60763ec.74e4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
60863ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
60963ec.74e4: SUPR3HardenedMain: Final process, opening VBoxDrv...
61063ec.74e4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
61163ec.74e4: supR3HardNtEnableThreadCreation:
61263ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
61363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
61463ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000843e40:C:\Windows\system32 [calling]
61563ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
61663ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef42d0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
61763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
61863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
61963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
62063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef42d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
62163ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
62263ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
62363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef42d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
62463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef42d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
62563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
62663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
62763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
62863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
62963ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
63063ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
63163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
63263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
63363ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
63463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
63563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
63663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
63763ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
63863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
63963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
64063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
64163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
64263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
64363ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
64463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
64563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
64663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
64763ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
64863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
64963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
65063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
65163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
65263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
65363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
65463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
65563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000843e40:C:\Windows\system32 [calling]
65663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefce20000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
65863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
65963ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefdbc0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
66063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
66163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefcf00000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
66263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
66363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefcce0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
66463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
66563ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefefc0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
66663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
66763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\Windows\system32\Wintrust.dll'
66863ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
66963ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
67063ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008b92f0:C:\Windows\system32 [calling]
67163ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
67263ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefc600000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
67363ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
67463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc600000 'C:\Windows\system32\bcrypt.dll'
67563ec.74e4: bcrypt.dll loaded at 000007fefc600000, BCryptOpenAlgorithmProvider at 000007fefc602640, preloading providers:
67663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
67763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
67863ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
67963ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
68063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
68163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
68263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
68363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
68463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
68563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
68763ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
68863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
68963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
69063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
69163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
69263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
69363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
69463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
69563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
69663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
69763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefc100000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
69863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
69963ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefeee0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
70063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
70163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
70263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
70363ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
70463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
70563ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefd9f0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
70663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
70763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc100000 'C:\Windows\system32\bcryptprimitives.dll'
70863ec.74e4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008ba9d0)
70963ec.74e4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008bd890)
71063ec.74e4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008bd9b0)
71163ec.74e4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008bdbc0)
71263ec.74e4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008bdce0)
71363ec.74e4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008bde00)
71463ec.74e4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008be040)
71563ec.74e4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008be160)
71663ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
71763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
71863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
71963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
72063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
72163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
72263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
72363ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
72463ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
72563ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
72663ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefc4b0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
72763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
72863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4b0000 'C:\Windows\system32\CRYPTSP.dll'
72963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
73063ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
73163ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
73263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
73363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
73463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
73563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
73663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
73763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefc1a0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
73863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
73963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1a0000 'C:\Windows\system32\rsaenh.dll'
74063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
74163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
74263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
74363ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
74463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
74563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
74663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
74763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefcb70000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
74863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
74963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\CRYPTBASE.dll'
75063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
75163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
75263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e10000 'C:\Windows\system32\kernel32.dll'
75363ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
75463ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
75563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\Windows\system32\WINTRUST.DLL'
75663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
75763ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
75863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\CRYPT32.dll'
75963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
76063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
76163ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
76263ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
76363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
76463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
76563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
76663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
77063ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
77163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefeec0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
77263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
77363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeec0000 'C:\Windows\system32\imagehlp.dll'
77463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
77563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
77663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4b0000 'C:\Windows\system32\CRYPTSP.dll'
77763ec.74e4: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is administrators group.
77863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
77963ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
78063ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
78163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
78263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
78363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
78463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
78563ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
78663ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
78763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
78863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
78963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
79063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
79163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
79263ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
79363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
79463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
79563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
79663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
79763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
79863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
79963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
80063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
80163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
80263ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
80363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
80463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
80563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
80663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
80763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
80863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
80963ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
81063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
81163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
81263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
81363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
81463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
81563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
81663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
81763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
81863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
81963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
82063ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
82163ec.74e4: supR3HardenedDllNotificationCallback: load 0000000076d10000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
82263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
82363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
82463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
82563ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefdc60000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
82663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
82763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefda10000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
82863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
82963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
83063ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
83163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\gdi32.dll'
83263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
83363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
83463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
83563ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
83663ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
83763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
83863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
83963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
84063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
84163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
84263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
84363ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
84463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
84563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
84663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
84763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
84863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
84963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
85063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
85163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
85263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
85363ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
85463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
85563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
85663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
85763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
85863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
85963ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
86063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
86163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86363ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
86463ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
86563ec.74e4: supR3HardenedDllNotificationCallback: load 000007feff170000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
86663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
86763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefd4e0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
86863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
86963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff170000 'C:\Windows\system32\IMM32.DLL'
87063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d10000 'C:\Windows\system32\USER32.dll'
87163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
87263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
87363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
87463ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
87563ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
87663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
87763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
87863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
87963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
88063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
88163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
88263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
88363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
88463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
88563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
88663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
88763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefc630000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
88863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
88963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc630000 'C:\Windows\system32\ncrypt.dll'
89063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
89163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
89263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc600000 'C:\Windows\system32\bcrypt.dll'
89363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
89463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
89563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
89663ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
89763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
89863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
89963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
90063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
90163ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
90263ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
90363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
90463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
90563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
90663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
90763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
90863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
90963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
91063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
91163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
91263ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
91363ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
91463ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefcd60000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
91563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
91663ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefccd0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
91763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
91863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd60000 'C:\Windows\system32\USERENV.dll'
91963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
92063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
92163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
92263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
92363ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
92463ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
92563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'C:\Windows\system32\rpcrt4.dll'
92663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
92763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
92863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
92963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RPCRT4.dll (Input=RPCRT4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
93063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefc0000 'C:\Windows\system32\RPCRT4.dll'
93163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
93263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
93363ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
93463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
93563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
93663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
93763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
93863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
93963ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
94063ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
94163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
94263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
94363ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
94463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
94563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
94663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
94763ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
94863ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
94963ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefbf80000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
95063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
95163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf80000 'C:\Windows\system32\GPAPI.dll'
95263ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
95363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
95463ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
95563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
95663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
95763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
95863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
95963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
96063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
96163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
96263ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
96363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
96463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
96563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
96663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
96763ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
96863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
96963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
97063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
97163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
97263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
97363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
97463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
97563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
97663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
97763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
97863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
97963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
98063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
98163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
98263ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef9140000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
98463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98563ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefd5f0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
98663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
98763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
98863ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
98963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
99063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
99263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
99363ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99463ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
99563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
99663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
99763ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
99863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
99963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
100063ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
100163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
100263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
100363ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
100463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
100563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
100663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
100763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
100863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
100963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
101163ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
101363ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
101563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
101663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Windows\system32\cryptnet.dll'
101863ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
101963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
102063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
102163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
102263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccd0000 'C:\Windows\system32\profapi.dll'
102363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
102463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
102563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
102663ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
102763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
102863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
102963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
103063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
103163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
103263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
103363ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
103463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
103563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
103663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
103763ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
103863ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
103963ec.74e4: supR3HardenedDllNotificationCallback: load 000007feff0f0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
104063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
104163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0f0000 'C:\Windows\system32\SHLWAPI.dll'
104263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
104363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002b01dd0
104463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
104563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B1D637739FC6B271ED989F7454A98D5A76C1B7A
104663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
104763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
104863ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
104963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
105063ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
105163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
105263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
105363ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
105463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
105563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
105663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
105763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
105863ec.74e4: g_pfnWinVerifyTrust=000007fefce21010
105963ec.74e4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
106063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
106163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
106263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
106363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
106463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
106563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
106663ec.74e4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
106763ec.74e4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
106863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
106963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
107063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
107163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
107263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
107363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
107463ec.74e4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
107563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
107663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
107763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
107863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
107963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
108063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
108163ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
108263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
108363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
108463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
108563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
108663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
108763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
108863ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
108963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
109063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
109163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
109263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
109363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
109463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
109563ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
109663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000002e4 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
109763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
109863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
109963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
110063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
110163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
110263ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
110363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
110463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
110563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
110663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
110763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
110863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
110963ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
111063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
111163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
111263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
111363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
111463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
111563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
111663ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
111763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
111863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
111963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
112063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE8C9B0409BB6DC8348383C722B4EC4291BB2193
112163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
112263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
112363ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
112463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
112563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
112663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
112763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
112863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
112963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
113063ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
113163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
113263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
113363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
113463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
113563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
113663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
113763ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
113863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
113963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
114063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
114163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
114263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
114363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
114463ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
114563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
114663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
114763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
114863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
114963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
115063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
115163ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
115263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
115363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
115463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
115563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
115663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
115763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
115863ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
115963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
116063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
116163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
116263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
116363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
116463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002b01dd0
116563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
116663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
116763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
116863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002b023d0
116963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b023d0
117063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
117163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
117263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
117363ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
117463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
117563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
117663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
117763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
117863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
117963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
118063ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
118163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
118263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
118363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
118463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD41E47CDA7ECDD58265F0739B9BC23E0761082B
118563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
118663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
118763ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
118863ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
118963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
119063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
119163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
119263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
119363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
119463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
119563ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
119663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
119763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
119863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
119963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
120063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
120163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
120263ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
120363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
120463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
120563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
120663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D58A667BECF67ECC76D4BEEDB96E9F1960013145
120763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
120863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
120963ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
121063ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
121163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
121263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
121363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
121463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
121563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
121663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
121763ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
121863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
121963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
122063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
122163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
122263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
122363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
122463ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
122563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
122663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
122763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
122863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
122963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
123063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
123163ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
123263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
123363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
123463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
123563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35EB15A32FF6A8320A28B76654C7C05F183C0649
123663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
123763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
123863ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
123963ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
124063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
124163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
124263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
124363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D187E2BFBA7ED9D015FB710000144445CAD8B2DE
124463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
124563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
124663ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
124763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
124863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
124963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
125063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABD4E7598BD11C4FA1AD66BF1B854BCC2A7C5DD
125163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
125263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
125363ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
125463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
125563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002afa7c0:C:\Windows\system32 [calling]
125663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\crypt32.dll'
125763ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
125863ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
125963ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x4512680f2c75ba00 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
126063ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
126163ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x1e147286a8b3ba00 C=LU, L=Luxembourg, O=Innova Co S.A.R.L., CN=Innova Co S.A.R.L. HTTPS Signing Certification Authority
126263ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
126363ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
126463ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
126563ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
126663ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
126763ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
126863ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
126963ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
127063ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
127163ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
127263ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
127363ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
127463ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
127563ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
127663ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
127763ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
127863ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
127963ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
128063ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
128163ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
128263ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
128363ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
128463ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
128563ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
128663ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
128763ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
128863ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
128963ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
129063ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
129163ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
129263ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
129363ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
129463ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
129563ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
129663ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
129763ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
129863ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
129963ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
130063ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
130163ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
130263ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
130363ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
130463ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
130563ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
130663ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
130763ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
130863ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
130963ec.74e4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
131063ec.74e4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=53
131163ec.74e4: SUPR3HardenedMain: Load Runtime...
131263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
131363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
131463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
131563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
131663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
131763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
131863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
131963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
132063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
132163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
132263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
132363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
132463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
132563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
132663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
132763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
132863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
132963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
133063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
133163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
133263ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
133363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
133463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
133563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
133663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
133763ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
133863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
133963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
134063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
134163ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
134263ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
134363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
134463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
134563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
134663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
134763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
134863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
134963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
135063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
135163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
135263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
135363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
135463ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
135563ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
135663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
135763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
135863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
135963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
136063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
136163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009022e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
136263ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
136363ec.74e4: supR3HardenedDllNotificationCallback: load 000007feebf10000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
136463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
136563ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
136663ec.74e4: supR3HardenedDllNotificationCallback: load 000000006f9b0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
136763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
136863ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
136963ec.74e4: supR3HardenedDllNotificationCallback: load 0000000071790000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
137063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
137163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefd9a0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
137263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
137363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefeeb0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
137463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
137563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
137663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
137763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
137863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
137963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
138063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
138163ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
138263ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
138363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
138463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
138563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
138663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
138763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
138863ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
138963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
139163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
139263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
139963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
140163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
140263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
140963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
141963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000844270:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Skype\Phone\;C:\Program Files (x86)\OpenVPN\bin [calling]
142063ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebf10000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
142563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e50d0:C:\Windows\system32 [calling]
142663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\Windows\system32\Wintrust.dll'
142763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
142863ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008e50d0:C:\Windows\system32 [calling]
142963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\crypt32.dll'
143063ec.74e4: SUPR3HardenedMain: Load TrustedMain...
143163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
143263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
143363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
143463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
143563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
143663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
143763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
143863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
143963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
144063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
144163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
144263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
144363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
144463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
144563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
144663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
144763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
144863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
144963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
145063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
145163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
145263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
145363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
145463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
145563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
145663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
145763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
145863ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
145963ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
146063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
146163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
146263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
146363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
146463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
146563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
146663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
146763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
146863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
146963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
147063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
147163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
147263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
147363ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
147463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
147563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
147663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
147763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
147863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
147963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
148063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
148163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
148263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
148363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
148463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
148563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
148663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
148763ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
148863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
148963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
149063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
149163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
149263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
149363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
149463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
149563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
149663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
149763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
149863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
149963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
150063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
150163ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
150263ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
150363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
150463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
150563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
150663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
150763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
150863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
150963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
151063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
151163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
151263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
151363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
151463ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
151563ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
151663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
151763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
151863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
151963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
152063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
152163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
152263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
152363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
152463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
152563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
152663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
152763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
152863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
152963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
153063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
153163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
153263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
153363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
153463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
153563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
153663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
153763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
153863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
153963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
154063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
154163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
154263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
154363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
154463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
154563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
154663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
154763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
154863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
154963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
155063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
155163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
155263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
155363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
155463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
155563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
155663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
155763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
155863ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
155963ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
156063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
156163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
156263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
156363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
156463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
156563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
156663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
156763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
156863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
156963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
157063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
157163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
157263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
157363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
157463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
157563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
157663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
157863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
157963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
158063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
158163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
158263ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
158363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
158463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
158563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
158663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
158763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
158863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
158963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
159063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
159163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
159263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
159363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
159463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
159563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
159663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
159763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
159863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
159963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
160063ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
160163ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
160263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
160363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
160463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
160563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
160663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
160763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
160863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
160963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
161063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
161163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
161263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
161363ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
161463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
161563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
161663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
161763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
161863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
161963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
162063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
162163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
162463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
162563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
162663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
162763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
162863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
162963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
163063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
163163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
163263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
163363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
163463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
163563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
163663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
163763ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
163863ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
163963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
164063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
164163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
164263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
164363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
164463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
164563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
164663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
164763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
164863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
164963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
165063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
165163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
165263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
165463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
165563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
165663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
165763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
165863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
165963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
166063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
166163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
166263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
166363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
166463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
166563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
166663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
166763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
166863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
166963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
167263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
167363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
167463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
167563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
167663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
167763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
167863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
167963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
168063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
168163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
168363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
168463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
168563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
168663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
168763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
168863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
168963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
169063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
169163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
169263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
169363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
169463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
169563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
169663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
169763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
169863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
169963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
170063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
170163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
170263ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
170363ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
170463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
170563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
170663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
170763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
170863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
170963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
171063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
171163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
171263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
171363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
171463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
171563ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
171663ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
171763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
171863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
171963ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
172063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
172163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
172263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
172363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
172463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
172563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
172663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
172763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
172863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
172963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
173063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
173163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
173263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
173363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
173463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
173563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
173663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
173763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
173863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
173963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
174063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
174163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
174263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
174363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
174663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
174763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
174863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
174963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
175163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
175263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
175463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
175563ec.74e4: Error (rc=0):
175663ec.74e4: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
175763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
175863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
176063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
176263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
176363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
176463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
176563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
176663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
176763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
176863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
177063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
177163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
177263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
177363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
177463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
177563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
177663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
177763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
177863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
177963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
178063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
178163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
178263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
178363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
178463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
178563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
178663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
178763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
178863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
178963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
179063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
179163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
179263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
179363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
179463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
179563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
179663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
179763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
179863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
179963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
180063ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
180163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
180263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
180363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
180463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
180563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
180663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
180763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
180863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
180963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
181063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
181163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
181263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
181363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
181463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
181563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
181663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
181763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
181863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
181963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
182063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
182163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
182263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
182363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
182463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
182563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
182663ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
182763ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
182863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
182963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
183063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
183163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
183263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
183363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
183463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
183563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
183663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
183763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
183863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
183963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
184063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
184163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
184263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
184363ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
184463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
184563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
184663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
184763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
184863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
184963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
185063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
185163ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
185263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
185363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
185463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
185563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
185663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
185763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
185863ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
185963ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
186063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
186163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
186263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
186363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
186463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
186563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
186663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
186763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
186863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
186963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
187063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
187163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
187263ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
187363ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
187463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
187563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
187663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
187763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
187863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
187963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
188063ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
188163ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
188263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
188363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
188463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
188563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
188663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
188763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
188863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
188963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
189063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
189163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
189263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
189363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
189463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
189563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
189663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
189763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
189863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
189963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
190063ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
190163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
190263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
190363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
190463ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
190563ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
190663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
190763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
190863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
190963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
191063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
191163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
191263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
191363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
191463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
191563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
191663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
191763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
191863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
191963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
192063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
192163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
192263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
192563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
192663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
192763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009022e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
193063ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
193163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fee1ba0000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
193263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
193363ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
193463ec.74e4: supR3HardenedDllNotificationCallback: load 000007feed5e0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
193563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
193663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
193763ec.74e4: supR3HardenedDllNotificationCallback: load 000007feef9b0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
193863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
193963ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
194063ec.74e4: supR3HardenedDllNotificationCallback: load 000007feefc00000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
194163ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
194263ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
194363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef4640000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
194463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
194563ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefd300000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
194663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
194763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
194863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
194963ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefdae0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
195063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
195163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefde00000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
195263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
195363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
195463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
195563ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
195663ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefaec0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
195763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
195863ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
195963ec.74e4: supR3HardenedDllNotificationCallback: load 0000000050bc0000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
196063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
196163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefe080000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
196263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
196363ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
196463ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef8b00000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
196563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
196663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
196763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fee15f0000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
196863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
196963ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
197063ec.74e4: supR3HardenedDllNotificationCallback: load 0000000050670000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
197163ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
197263ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
197363ec.74e4: supR3HardenedDllNotificationCallback: load 000007feef0d0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
197463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
197563ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
197663ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef9910000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
197763ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
197863ec.74e4: supR3HardenedDllNotificationCallback: load 000007feff1a0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
197963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
198063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
198163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
198263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
198363ec.74e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
198463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
198563ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef9990000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
198663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
198763ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
198863ec.74e4: supR3HardenedDllNotificationCallback: load 0000000071ef0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
198963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
199063ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
199163ec.74e4: supR3HardenedDllNotificationCallback: load 000007fef9a40000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
199263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
199363ec.74e4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
199463ec.74e4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
199563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
199663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
199763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
199863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
199963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
200063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
200163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
200263ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000902370:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
200363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff170000 'C:\Windows\system32\imm32.dll'
200463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.DLL'
200563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
200663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
200763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\cryptbase.dll'
200863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ba0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
200963ec.74e4: SUPR3HardenedMain: Calling TrustedMain (000007fee1ba1610)...
201063ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
201163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009022e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
201263ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\ole32.dll'
201363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeee0000 'C:\Windows\system32\ADVAPI32.dll'
201463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
201563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009022e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
201663ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe080000 'C:\Windows\system32\shell32.dll'
201763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
201863ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
201963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
202063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
202163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
202263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
202363ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
202463ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
202563ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
202663ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
202763ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
202863ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
202963ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
203063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
203163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
203263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
203363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
203463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
203563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
203663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
203763ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
203863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
204063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
204163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
204263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
204363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
204463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
204563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
204663ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
204763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
204863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
204963ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
205063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
205163ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
205263ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
205363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
205463ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
205563ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
205663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
205763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
205863ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
205963ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009022e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
206063ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
206163ec.74e4: supR3HardenedDllNotificationCallback: load 000007feeda50000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
206263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
206363ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeda50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
206463ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
206563ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002b01dd0
206663ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002b01dd0
206763ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
206863ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
206963ec.74e4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
207063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
207163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
207263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
207363ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
207463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
207563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
207663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
207763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
207863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
207963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
208063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
208163ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b93010:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
208263ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
208363ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefb2a0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
208463ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
208563ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\uxtheme.dll'
208663ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
208763ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b93010:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
208863ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\uxtheme.dll'
208963ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
209063ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b93d20:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
209163ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\uxtheme.dll'
209263ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
209363ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b93d20:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
209463ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\uxtheme.dll'
209563ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
209663ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009022e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
209763ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\CRYPTBASE.dll'
209863ec.74e4: \Device\HarddiskVolume2\Program Files (x86)\Yandex\Punto Switcher\pshook64.dll: Owner is administrators group.
209963ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shlwapi.dll'.
210063ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imagehlp.dll'.
210163ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
210263ec.74e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
210363ec.74e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Yandex\Punto Switcher\pshook64.dll) WinVerifyTrust
210463ec.74e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Yandex\Punto Switcher\pshook64.dll
210563ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
210663ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
210763ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
210863ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
210963ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imagehlp.dll'...
211063ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imagehlp.dll' -> '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' [rcNtRedir=0xc0150008]
211163ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
211263ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
211363ec.74e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
211463ec.74e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
211563ec.74e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Yandex\Punto Switcher\PSHook64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b87c00:C:\Program Files (x86)\Yandex\Punto Switcher;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
211663ec.74e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Yandex\Punto Switcher\pshook64.dll
211763ec.74e4: supR3HardenedDllNotificationCallback: load 000007fefa1e0000 LB 0x0000a000 C:\Program Files (x86)\Yandex\Punto Switcher\PSHook64.dll [fFlags=0x0]
211863ec.74e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Yandex\Punto Switcher\pshook64.dll
211963ec.74e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1e0000 'C:\Program Files (x86)\Yandex\Punto Switcher\PSHook64.dll'
2120e9bc.c8f8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 883 ms, the end);
2121db4c.1664: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1499 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy