VirtualBox

Ticket #16308: CentOS-6.7-x86_64-for-NMS_10G-2016-12-20-17-31-13.log

File CentOS-6.7-x86_64-for-NMS_10G-2016-12-20-17-31-13.log, 373.6 KB (added by BORISKINA OLGA, 8 years ago)
Line 
11a54.59c: Log file opened: 5.1.11r112433 g_hStartupLog=0000000000000024 g_uNtVerCombined=0x611db110
21a54.59c: \SystemRoot\System32\ntdll.dll:
31a54.59c: CreationTime: 2015-07-06T13:10:11.952484600Z
41a54.59c: LastWriteTime: 2015-03-17T05:19:37.641771700Z
51a54.59c: ChangeTime: 2015-07-08T11:57:06.272843500Z
61a54.59c: FileAttributes: 0x20
71a54.59c: Size: 0x1a5da0
81a54.59c: NT Headers: 0xe0
91a54.59c: Timestamp: 0x5507b864
101a54.59c: Machine: 0x8664 - amd64
111a54.59c: Timestamp: 0x5507b864
121a54.59c: Image Version: 6.1
131a54.59c: SizeOfImage: 0x1a8000 (1736704)
141a54.59c: Resource Dir: 0x14c000 LB 0x5a028
151a54.59c: ProductName: Microsoft® Windows® Operating System
161a54.59c: ProductVersion: 6.1.7601.18798
171a54.59c: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
181a54.59c: FileDescription: NT Layer DLL
191a54.59c: \SystemRoot\System32\kernel32.dll:
201a54.59c: CreationTime: 2015-07-06T13:10:11.874483600Z
211a54.59c: LastWriteTime: 2015-03-17T05:16:34.921000000Z
221a54.59c: ChangeTime: 2015-07-08T11:57:09.080848400Z
231a54.59c: FileAttributes: 0x20
241a54.59c: Size: 0x11c000
251a54.59c: NT Headers: 0xe8
261a54.59c: Timestamp: 0x5507b879
271a54.59c: Machine: 0x8664 - amd64
281a54.59c: Timestamp: 0x5507b879
291a54.59c: Image Version: 6.1
301a54.59c: SizeOfImage: 0x11f000 (1175552)
311a54.59c: Resource Dir: 0x116000 LB 0x528
321a54.59c: ProductName: Microsoft® Windows® Operating System
331a54.59c: ProductVersion: 6.1.7601.18798
341a54.59c: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
351a54.59c: FileDescription: Windows NT BASE API Client DLL
361a54.59c: \SystemRoot\System32\KernelBase.dll:
371a54.59c: CreationTime: 2015-07-06T13:10:13.028898400Z
381a54.59c: LastWriteTime: 2015-03-17T05:16:34.921000000Z
391a54.59c: ChangeTime: 2015-07-08T11:57:09.080848400Z
401a54.59c: FileAttributes: 0x20
411a54.59c: Size: 0x67a00
421a54.59c: NT Headers: 0xe8
431a54.59c: Timestamp: 0x5507b87a
441a54.59c: Machine: 0x8664 - amd64
451a54.59c: Timestamp: 0x5507b87a
461a54.59c: Image Version: 6.1
471a54.59c: SizeOfImage: 0x6c000 (442368)
481a54.59c: Resource Dir: 0x6a000 LB 0x530
491a54.59c: ProductName: Microsoft® Windows® Operating System
501a54.59c: ProductVersion: 6.1.7601.18798
511a54.59c: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
521a54.59c: FileDescription: Windows NT BASE API Client DLL
531a54.59c: \SystemRoot\System32\apisetschema.dll:
541a54.59c: CreationTime: 2015-07-06T13:10:14.292514600Z
551a54.59c: LastWriteTime: 2015-03-17T05:11:07.952000000Z
561a54.59c: ChangeTime: 2015-07-08T11:57:06.054443100Z
571a54.59c: FileAttributes: 0x20
581a54.59c: Size: 0x1a00
591a54.59c: NT Headers: 0xc0
601a54.59c: Timestamp: 0x5507b7b1
611a54.59c: Machine: 0x8664 - amd64
621a54.59c: Timestamp: 0x5507b7b1
631a54.59c: Image Version: 6.1
641a54.59c: SizeOfImage: 0x50000 (327680)
651a54.59c: Resource Dir: 0x30000 LB 0x3f8
661a54.59c: ProductName: Microsoft® Windows® Operating System
671a54.59c: ProductVersion: 6.1.7601.18798
681a54.59c: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
691a54.59c: FileDescription: ApiSet Schema DLL
701a54.59c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
711a54.59c: supR3HardenedWinFindAdversaries: 0x3
721a54.59c: \SystemRoot\System32\drivers\SysPlant.sys:
731a54.59c: CreationTime: 2015-05-27T10:15:58.142318400Z
741a54.59c: LastWriteTime: 2015-09-29T01:49:17.062434300Z
751a54.59c: ChangeTime: 2015-09-29T01:49:17.062434300Z
761a54.59c: FileAttributes: 0x20
771a54.59c: Size: 0x29170
781a54.59c: NT Headers: 0xf0
791a54.59c: Timestamp: 0x55ba08b1
801a54.59c: Machine: 0x8664 - amd64
811a54.59c: Timestamp: 0x55ba08b1
821a54.59c: Image Version: 5.0
831a54.59c: SizeOfImage: 0x2f000 (192512)
841a54.59c: Resource Dir: 0x2d000 LB 0x498
851a54.59c: ProductName: Symantec CMC Firewall
861a54.59c: ProductVersion: 12.1.6318.6100
871a54.59c: FileVersion: 12.1.6318.6100
881a54.59c: FileDescription: Symantec CMC Firewall SysPlant
891a54.59c: \SystemRoot\System32\sysfer.dll:
901a54.59c: CreationTime: 2015-05-27T10:15:58.126715200Z
911a54.59c: LastWriteTime: 2015-09-29T01:49:17.046834300Z
921a54.59c: ChangeTime: 2015-09-29T01:49:17.046834300Z
931a54.59c: FileAttributes: 0x20
941a54.59c: Size: 0x72038
951a54.59c: NT Headers: 0xe8
961a54.59c: Timestamp: 0x55ba08bc
971a54.59c: Machine: 0x8664 - amd64
981a54.59c: Timestamp: 0x55ba08bc
991a54.59c: Image Version: 0.0
1001a54.59c: SizeOfImage: 0x89000 (561152)
1011a54.59c: Resource Dir: 0x87000 LB 0x630
1021a54.59c: ProductName: Symantec CMC Firewall
1031a54.59c: ProductVersion: 12.1.6318.6100
1041a54.59c: FileVersion: 12.1.6318.6100
1051a54.59c: FileDescription: Symantec CMC Firewall sysfer
1061a54.59c: \SystemRoot\System32\drivers\symevent64x86.sys:
1071a54.59c: CreationTime: 2015-05-27T10:17:09.456737600Z
1081a54.59c: LastWriteTime: 2015-09-28T20:23:10.725559400Z
1091a54.59c: ChangeTime: 2015-09-28T20:23:10.725559400Z
1101a54.59c: FileAttributes: 0x20
1111a54.59c: Size: 0x2b8d8
1121a54.59c: NT Headers: 0xe8
1131a54.59c: Timestamp: 0x54b87d44
1141a54.59c: Machine: 0x8664 - amd64
1151a54.59c: Timestamp: 0x54b87d44
1161a54.59c: Image Version: 6.0
1171a54.59c: SizeOfImage: 0x38000 (229376)
1181a54.59c: Resource Dir: 0x36000 LB 0x3c8
1191a54.59c: ProductName: SYMEVENT
1201a54.59c: ProductVersion: 12.9.6.12
1211a54.59c: FileVersion: 12.9.6.12
1221a54.59c: FileDescription: Symantec Event Library
1231a54.59c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1241a54.59c: Calling main()
1251a54.59c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1261a54.59c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1271a54.59c: SUPR3HardenedMain: Respawn #1
1281a54.59c: System32: \Device\HarddiskVolume2\Windows\System32
1291a54.59c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1301a54.59c: KnownDllPath: C:\Windows\system32
1311a54.59c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1321a54.59c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1331a54.59c: supR3HardNtEnableThreadCreation:
1341a54.59c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4b690 pvNtTerminateThread=0000000077c6e100
1351a54.59c: supR3HardenedWinDoReSpawn(1): New child 1738.21fc [kernel32].
1361a54.59c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
1371a54.59c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077c20000 uNtDllChildAddr=0000000077c20000
1381a54.59c: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077c4b690
1391a54.59c: supR3HardenedWinSetupChildInit: Start child.
1401a54.59c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 12 ms.
1411a54.59c: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
1421a54.59c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1431a54.59c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1441a54.59c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1451a54.59c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1461a54.59c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1471a54.59c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1481a54.59c: 0000000000041000-ffffffffffec1fff 0x0001/0x0000 0x0000000
1491a54.59c: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000
1501a54.59c: 00000000002bc000-00000000002b9fff 0x0104/0x0004 0x0020000
1511a54.59c: 00000000002be000-00000000002bbfff 0x0004/0x0004 0x0020000
1521a54.59c: 00000000002c0000-ffffffff8895ffff 0x0001/0x0000 0x0000000
1531a54.59c: *0000000077c20000-0000000077c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1541a54.59c: 0000000077c21000-0000000077d1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1551a54.59c: 0000000077d1e000-0000000077d4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1561a54.59c: 0000000077d4d000-0000000077d54fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1571a54.59c: 0000000077d55000-0000000077d55fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1581a54.59c: 0000000077d56000-0000000077d58fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1591a54.59c: 0000000077d59000-0000000077dc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1601a54.59c: 0000000077dc8000-0000000070baffff 0x0001/0x0000 0x0000000
1611a54.59c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1621a54.59c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1631a54.59c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1641a54.59c: 000000007fff0000-ffffffffc031ffff 0x0001/0x0000 0x0000000
1651a54.59c: *000000013fcc0000-000000013fcc0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1661a54.59c: 000000013fcc1000-000000013fd2ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1671a54.59c: 000000013fd30000-000000013fd30fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1681a54.59c: 000000013fd31000-000000013fd75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1691a54.59c: 000000013fd76000-000000013fd76fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1701a54.59c: 000000013fd77000-000000013fd77fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1711a54.59c: 000000013fd78000-000000013fd7cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1721a54.59c: 000000013fd7d000-000000013fd7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1731a54.59c: 000000013fd7e000-000000013fd7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1741a54.59c: 000000013fd7f000-000000013fd82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1751a54.59c: 000000013fd83000-000000013fdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1761a54.59c: 000000013fdcb000-000000013fdc5fff 0x0001/0x0000 0x0000000
1771a54.59c: *000000013fdd0000-000000013fdcefff 0x0040/0x0040 0x0020000 !!
1781a54.59c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000013fdd0000 (LB 0x1000, 000000013fdd0000 LB 0x1000)
1791a54.59c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013fdd0000/000000013fdd0000 LB 0/0x1000]
1801a54.59c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013fdd0000 LB 0x7fdc0170000 s=0x10000 ap=0x0 rp=0x00000000000001
1811a54.59c: 000000013fdd1000-fffff8037fc61fff 0x0001/0x0000 0x0000000
1821a54.59c: *000007fefff40000-000007fefff40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1831a54.59c: 000007fefff41000-000007fdffed1fff 0x0001/0x0000 0x0000000
1841a54.59c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1851a54.59c: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
1861a54.59c: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
1871a54.59c: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
1881a54.59c: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
1891a54.59c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1901a54.59c: apisetschema.dll: timestamp 0x5507b7b1 (rc=VINF_SUCCESS)
1911a54.59c: VirtualBox.exe: timestamp 0x585802aa (rc=VINF_SUCCESS)
1921a54.59c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1931a54.59c: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
1941a54.59c: 000000013fcc0172 / 0x0000172: 00 != 11
1951a54.59c: 000000013fcc0174 / 0x0000174: 00 != 14
1961a54.59c: Restored 0x400 bytes of original file content at 000000013fcc0000
1971a54.59c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1981a54.59c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1991a54.59c: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3 cPatchCount=0
2001a54.59c: supR3HardNtChildPurify: Startup delay kludge #1/1: 513 ms, 64 sleeps
2011a54.59c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2021a54.59c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2031a54.59c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2041a54.59c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2051a54.59c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2061a54.59c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2071a54.59c: 0000000000041000-ffffffffffec1fff 0x0001/0x0000 0x0000000
2081a54.59c: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000
2091a54.59c: 00000000002bc000-00000000002b9fff 0x0104/0x0004 0x0020000
2101a54.59c: 00000000002be000-00000000002bbfff 0x0004/0x0004 0x0020000
2111a54.59c: 00000000002c0000-ffffffff8895ffff 0x0001/0x0000 0x0000000
2121a54.59c: *0000000077c20000-0000000077c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2131a54.59c: 0000000077c21000-0000000077d1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2141a54.59c: 0000000077d1e000-0000000077d4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2151a54.59c: 0000000077d4d000-0000000077d54fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2161a54.59c: 0000000077d55000-0000000077d55fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2171a54.59c: 0000000077d56000-0000000077d56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2181a54.59c: 0000000077d57000-0000000077d58fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2191a54.59c: 0000000077d59000-0000000077dc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2201a54.59c: 0000000077dc8000-0000000070baffff 0x0001/0x0000 0x0000000
2211a54.59c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2221a54.59c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2231a54.59c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2241a54.59c: 000000007fff0000-ffffffffc031ffff 0x0001/0x0000 0x0000000
2251a54.59c: *000000013fcc0000-000000013fcc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2261a54.59c: 000000013fcc1000-000000013fd2ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2271a54.59c: 000000013fd30000-000000013fd30fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2281a54.59c: 000000013fd31000-000000013fd75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2291a54.59c: 000000013fd76000-000000013fd82fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2301a54.59c: 000000013fd83000-000000013fdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2311a54.59c: 000000013fdcb000-fffff8037fc55fff 0x0001/0x0000 0x0000000
2321a54.59c: *000007fefff40000-000007fefff40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2331a54.59c: 000007fefff41000-000007fdffed1fff 0x0001/0x0000 0x0000000
2341a54.59c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2351a54.59c: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
2361a54.59c: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
2371a54.59c: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
2381a54.59c: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
2391a54.59c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2401a54.59c: supR3HardNtChildPurify: Done after 1076 ms and 2 fixes (loop #1).
2411a54.59c: supR3HardNtEnableThreadCreation:
2421738.21fc: Log file opened: 5.1.11r112433 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2431738.21fc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077c20000 g_uNtVerCombined=0x611db100
2441738.21fc: ntdll.dll: timestamp 0x5507b864 (rc=VINF_SUCCESS)
2451738.21fc: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1736704 allocation)
2461738.21fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2471738.21fc: System32: \Device\HarddiskVolume2\Windows\System32
2481738.21fc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2491738.21fc: KnownDllPath: C:\Windows\system32
2501738.21fc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2511738.21fc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2521738.21fc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2531738.21fc: Registered Dll notification callback with NTDLL.
2541738.21fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2551738.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2561738.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2571738.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2581738.21fc: supR3HardenedDllNotificationCallback: load 0000000077a00000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2591738.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2601738.21fc: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2611738.21fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2621738.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2631738.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a00000 'C:\Windows\system32\kernel32.dll'
2641738.21fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4b690 pvNtTerminateThread=0000000077c6e100
2651a54.59c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 27 ms.
2661738.21fc: \SystemRoot\System32\ntdll.dll:
2671738.21fc: CreationTime: 2015-07-06T13:10:11.952484600Z
2681738.21fc: LastWriteTime: 2015-03-17T05:19:37.641771700Z
2691738.21fc: ChangeTime: 2015-07-08T11:57:06.272843500Z
2701738.21fc: FileAttributes: 0x20
2711738.21fc: Size: 0x1a5da0
2721738.21fc: NT Headers: 0xe0
2731738.21fc: Timestamp: 0x5507b864
2741738.21fc: Machine: 0x8664 - amd64
2751738.21fc: Timestamp: 0x5507b864
2761738.21fc: Image Version: 6.1
2771738.21fc: SizeOfImage: 0x1a8000 (1736704)
2781738.21fc: Resource Dir: 0x14c000 LB 0x5a028
2791738.21fc: ProductName: Microsoft® Windows® Operating System
2801738.21fc: ProductVersion: 6.1.7601.18798
2811738.21fc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
2821738.21fc: FileDescription: NT Layer DLL
2831738.21fc: \SystemRoot\System32\kernel32.dll:
2841738.21fc: CreationTime: 2015-07-06T13:10:11.874483600Z
2851738.21fc: LastWriteTime: 2015-03-17T05:16:34.921000000Z
2861738.21fc: ChangeTime: 2015-07-08T11:57:09.080848400Z
2871738.21fc: FileAttributes: 0x20
2881738.21fc: Size: 0x11c000
2891738.21fc: NT Headers: 0xe8
2901738.21fc: Timestamp: 0x5507b879
2911738.21fc: Machine: 0x8664 - amd64
2921738.21fc: Timestamp: 0x5507b879
2931738.21fc: Image Version: 6.1
2941738.21fc: SizeOfImage: 0x11f000 (1175552)
2951738.21fc: Resource Dir: 0x116000 LB 0x528
2961738.21fc: ProductName: Microsoft® Windows® Operating System
2971738.21fc: ProductVersion: 6.1.7601.18798
2981738.21fc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
2991738.21fc: FileDescription: Windows NT BASE API Client DLL
3001738.21fc: \SystemRoot\System32\KernelBase.dll:
3011738.21fc: CreationTime: 2015-07-06T13:10:13.028898400Z
3021738.21fc: LastWriteTime: 2015-03-17T05:16:34.921000000Z
3031738.21fc: ChangeTime: 2015-07-08T11:57:09.080848400Z
3041738.21fc: FileAttributes: 0x20
3051738.21fc: Size: 0x67a00
3061738.21fc: NT Headers: 0xe8
3071738.21fc: Timestamp: 0x5507b87a
3081738.21fc: Machine: 0x8664 - amd64
3091738.21fc: Timestamp: 0x5507b87a
3101738.21fc: Image Version: 6.1
3111738.21fc: SizeOfImage: 0x6c000 (442368)
3121738.21fc: Resource Dir: 0x6a000 LB 0x530
3131738.21fc: ProductName: Microsoft® Windows® Operating System
3141738.21fc: ProductVersion: 6.1.7601.18798
3151738.21fc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
3161738.21fc: FileDescription: Windows NT BASE API Client DLL
3171738.21fc: \SystemRoot\System32\apisetschema.dll:
3181738.21fc: CreationTime: 2015-07-06T13:10:14.292514600Z
3191738.21fc: LastWriteTime: 2015-03-17T05:11:07.952000000Z
3201738.21fc: ChangeTime: 2015-07-08T11:57:06.054443100Z
3211738.21fc: FileAttributes: 0x20
3221738.21fc: Size: 0x1a00
3231738.21fc: NT Headers: 0xc0
3241738.21fc: Timestamp: 0x5507b7b1
3251738.21fc: Machine: 0x8664 - amd64
3261738.21fc: Timestamp: 0x5507b7b1
3271738.21fc: Image Version: 6.1
3281738.21fc: SizeOfImage: 0x50000 (327680)
3291738.21fc: Resource Dir: 0x30000 LB 0x3f8
3301738.21fc: ProductName: Microsoft® Windows® Operating System
3311738.21fc: ProductVersion: 6.1.7601.18798
3321738.21fc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
3331738.21fc: FileDescription: ApiSet Schema DLL
3341738.21fc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3351738.21fc: supR3HardenedWinFindAdversaries: 0x3
3361738.21fc: \SystemRoot\System32\drivers\SysPlant.sys:
3371738.21fc: CreationTime: 2015-05-27T10:15:58.142318400Z
3381738.21fc: LastWriteTime: 2015-09-29T01:49:17.062434300Z
3391738.21fc: ChangeTime: 2015-09-29T01:49:17.062434300Z
3401738.21fc: FileAttributes: 0x20
3411738.21fc: Size: 0x29170
3421738.21fc: NT Headers: 0xf0
3431738.21fc: Timestamp: 0x55ba08b1
3441738.21fc: Machine: 0x8664 - amd64
3451738.21fc: Timestamp: 0x55ba08b1
3461738.21fc: Image Version: 5.0
3471738.21fc: SizeOfImage: 0x2f000 (192512)
3481738.21fc: Resource Dir: 0x2d000 LB 0x498
3491738.21fc: ProductName: Symantec CMC Firewall
3501738.21fc: ProductVersion: 12.1.6318.6100
3511738.21fc: FileVersion: 12.1.6318.6100
3521738.21fc: FileDescription: Symantec CMC Firewall SysPlant
3531738.21fc: \SystemRoot\System32\sysfer.dll:
3541738.21fc: CreationTime: 2015-05-27T10:15:58.126715200Z
3551738.21fc: LastWriteTime: 2015-09-29T01:49:17.046834300Z
3561738.21fc: ChangeTime: 2015-09-29T01:49:17.046834300Z
3571738.21fc: FileAttributes: 0x20
3581738.21fc: Size: 0x72038
3591738.21fc: NT Headers: 0xe8
3601738.21fc: Timestamp: 0x55ba08bc
3611738.21fc: Machine: 0x8664 - amd64
3621738.21fc: Timestamp: 0x55ba08bc
3631738.21fc: Image Version: 0.0
3641738.21fc: SizeOfImage: 0x89000 (561152)
3651738.21fc: Resource Dir: 0x87000 LB 0x630
3661738.21fc: ProductName: Symantec CMC Firewall
3671738.21fc: ProductVersion: 12.1.6318.6100
3681738.21fc: FileVersion: 12.1.6318.6100
3691738.21fc: FileDescription: Symantec CMC Firewall sysfer
3701738.21fc: \SystemRoot\System32\drivers\symevent64x86.sys:
3711738.21fc: CreationTime: 2015-05-27T10:17:09.456737600Z
3721738.21fc: LastWriteTime: 2015-09-28T20:23:10.725559400Z
3731738.21fc: ChangeTime: 2015-09-28T20:23:10.725559400Z
3741738.21fc: FileAttributes: 0x20
3751738.21fc: Size: 0x2b8d8
3761738.21fc: NT Headers: 0xe8
3771738.21fc: Timestamp: 0x54b87d44
3781738.21fc: Machine: 0x8664 - amd64
3791738.21fc: Timestamp: 0x54b87d44
3801738.21fc: Image Version: 6.0
3811738.21fc: SizeOfImage: 0x38000 (229376)
3821738.21fc: Resource Dir: 0x36000 LB 0x3c8
3831738.21fc: ProductName: SYMEVENT
3841738.21fc: ProductVersion: 12.9.6.12
3851738.21fc: FileVersion: 12.9.6.12
3861738.21fc: FileDescription: Symantec Event Library
3871738.21fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3881738.21fc: Calling main()
3891738.21fc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3901738.21fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3911738.21fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3921738.21fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3931738.21fc: SUPR3HardenedMain: Respawn #2
3941738.21fc: supR3HardNtEnableThreadCreation:
3951738.21fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
3961738.21fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3971738.21fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3981738.21fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3991738.21fc: supR3HardenedDllNotificationCallback: load 000007fefd7e0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
4001738.21fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4011738.21fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7e0000 'C:\Windows\system32\apphelp.dll'
4021738.21fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4b690 pvNtTerminateThread=0000000077c6e100
4031738.21fc: supR3HardenedWinDoReSpawn(2): New child 213c.14d4 [kernel32].
4041738.21fc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdc000 cbPeb=0x380
4051738.21fc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077c20000 uNtDllChildAddr=0000000077c20000
4061738.21fc: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077c4b690
4071738.21fc: supR3HardenedWinSetupChildInit: Start child.
4081738.21fc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 12 ms.
4091738.21fc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
4101738.21fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4111738.21fc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
4121738.21fc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
4131738.21fc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
4141738.21fc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
4151738.21fc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
4161738.21fc: 0000000000041000-fffffffffff91fff 0x0001/0x0000 0x0000000
4171738.21fc: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
4181738.21fc: 00000000001ec000-00000000001e9fff 0x0104/0x0004 0x0020000
4191738.21fc: 00000000001ee000-00000000001ebfff 0x0004/0x0004 0x0020000
4201738.21fc: 00000000001f0000-ffffffff887bffff 0x0001/0x0000 0x0000000
4211738.21fc: *0000000077c20000-0000000077c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4221738.21fc: 0000000077c21000-0000000077d1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4231738.21fc: 0000000077d1e000-0000000077d4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4241738.21fc: 0000000077d4d000-0000000077d54fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4251738.21fc: 0000000077d55000-0000000077d55fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4261738.21fc: 0000000077d56000-0000000077d58fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4271738.21fc: 0000000077d59000-0000000077dc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4281738.21fc: 0000000077dc8000-0000000070baffff 0x0001/0x0000 0x0000000
4291738.21fc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4301738.21fc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4311738.21fc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4321738.21fc: 000000007fff0000-ffffffffc031ffff 0x0001/0x0000 0x0000000
4331738.21fc: *000000013fcc0000-000000013fcc0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4341738.21fc: 000000013fcc1000-000000013fd2ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4351738.21fc: 000000013fd30000-000000013fd30fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4361738.21fc: 000000013fd31000-000000013fd75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4371738.21fc: 000000013fd76000-000000013fd76fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4381738.21fc: 000000013fd77000-000000013fd77fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4391738.21fc: 000000013fd78000-000000013fd7cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4401738.21fc: 000000013fd7d000-000000013fd7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4411738.21fc: 000000013fd7e000-000000013fd7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4421738.21fc: 000000013fd7f000-000000013fd82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4431738.21fc: 000000013fd83000-000000013fdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4441738.21fc: 000000013fdcb000-000000013fdc5fff 0x0001/0x0000 0x0000000
4451738.21fc: *000000013fdd0000-000000013fdcefff 0x0040/0x0040 0x0020000 !!
4461738.21fc: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000013fdd0000 (LB 0x1000, 000000013fdd0000 LB 0x1000)
4471738.21fc: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013fdd0000/000000013fdd0000 LB 0/0x1000]
4481738.21fc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013fdd0000 LB 0x7fdc0170000 s=0x10000 ap=0x0 rp=0x00000000000001
4491738.21fc: 000000013fdd1000-fffff8037fc61fff 0x0001/0x0000 0x0000000
4501738.21fc: *000007fefff40000-000007fefff40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4511738.21fc: 000007fefff41000-000007fdffed1fff 0x0001/0x0000 0x0000000
4521738.21fc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
4531738.21fc: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
4541738.21fc: *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
4551738.21fc: 000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
4561738.21fc: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
4571738.21fc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4581738.21fc: apisetschema.dll: timestamp 0x5507b7b1 (rc=VINF_SUCCESS)
4591738.21fc: VirtualBox.exe: timestamp 0x585802aa (rc=VINF_SUCCESS)
4601738.21fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4611738.21fc: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
4621738.21fc: 000000013fcc0172 / 0x0000172: 00 != 11
4631738.21fc: 000000013fcc0174 / 0x0000174: 00 != 14
4641738.21fc: Restored 0x400 bytes of original file content at 000000013fcc0000
4651738.21fc: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
4661738.21fc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4671738.21fc: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x3 cPatchCount=0
4681738.21fc: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
4691738.21fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4701738.21fc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
4711738.21fc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
4721738.21fc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
4731738.21fc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
4741738.21fc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
4751738.21fc: 0000000000041000-fffffffffff91fff 0x0001/0x0000 0x0000000
4761738.21fc: *00000000000f0000-ffffffffffff3fff 0x0000/0x0004 0x0020000
4771738.21fc: 00000000001ec000-00000000001e9fff 0x0104/0x0004 0x0020000
4781738.21fc: 00000000001ee000-00000000001ebfff 0x0004/0x0004 0x0020000
4791738.21fc: 00000000001f0000-ffffffff887bffff 0x0001/0x0000 0x0000000
4801738.21fc: *0000000077c20000-0000000077c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4811738.21fc: 0000000077c21000-0000000077d1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4821738.21fc: 0000000077d1e000-0000000077d4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4831738.21fc: 0000000077d4d000-0000000077d54fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4841738.21fc: 0000000077d55000-0000000077d55fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4851738.21fc: 0000000077d56000-0000000077d56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4861738.21fc: 0000000077d57000-0000000077d58fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4871738.21fc: 0000000077d59000-0000000077dc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4881738.21fc: 0000000077dc8000-0000000070baffff 0x0001/0x0000 0x0000000
4891738.21fc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4901738.21fc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4911738.21fc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4921738.21fc: 000000007fff0000-ffffffffc031ffff 0x0001/0x0000 0x0000000
4931738.21fc: *000000013fcc0000-000000013fcc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4941738.21fc: 000000013fcc1000-000000013fd2ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4951738.21fc: 000000013fd30000-000000013fd30fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4961738.21fc: 000000013fd31000-000000013fd75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4971738.21fc: 000000013fd76000-000000013fd82fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4981738.21fc: 000000013fd83000-000000013fdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4991738.21fc: 000000013fdcb000-fffff8037fc55fff 0x0001/0x0000 0x0000000
5001738.21fc: *000007fefff40000-000007fefff40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
5011738.21fc: 000007fefff41000-000007fdffed1fff 0x0001/0x0000 0x0000000
5021738.21fc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
5031738.21fc: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
5041738.21fc: *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
5051738.21fc: 000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
5061738.21fc: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
5071738.21fc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
5081738.21fc: supR3HardNtChildPurify: Done after 1067 ms and 2 fixes (loop #1).
5091738.21fc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
5101738.21fc: supR3HardNtEnableThreadCreation:
511213c.14d4: Log file opened: 5.1.11r112433 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
512213c.14d4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077c20000 g_uNtVerCombined=0x611db100
513213c.14d4: ntdll.dll: timestamp 0x5507b864 (rc=VINF_SUCCESS)
514213c.14d4: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1736704 allocation)
515213c.14d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
516213c.14d4: System32: \Device\HarddiskVolume2\Windows\System32
517213c.14d4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
518213c.14d4: KnownDllPath: C:\Windows\system32
519213c.14d4: supR3HardenedVmProcessInit: Opening vboxdrv...
520213c.14d4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
521213c.14d4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
522213c.14d4: Registered Dll notification callback with NTDLL.
523213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
524213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
525213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
526213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
527213c.14d4: supR3HardenedDllNotificationCallback: load 0000000077a00000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
528213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
529213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
530213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
531213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
532213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a00000 'C:\Windows\system32\kernel32.dll'
533213c.14d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4b690 pvNtTerminateThread=0000000077c6e100
5341738.21fc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 39 ms.
535213c.14d4: \SystemRoot\System32\ntdll.dll:
536213c.14d4: CreationTime: 2015-07-06T13:10:11.952484600Z
537213c.14d4: LastWriteTime: 2015-03-17T05:19:37.641771700Z
538213c.14d4: ChangeTime: 2015-07-08T11:57:06.272843500Z
539213c.14d4: FileAttributes: 0x20
540213c.14d4: Size: 0x1a5da0
541213c.14d4: NT Headers: 0xe0
542213c.14d4: Timestamp: 0x5507b864
543213c.14d4: Machine: 0x8664 - amd64
544213c.14d4: Timestamp: 0x5507b864
545213c.14d4: Image Version: 6.1
546213c.14d4: SizeOfImage: 0x1a8000 (1736704)
547213c.14d4: Resource Dir: 0x14c000 LB 0x5a028
548213c.14d4: ProductName: Microsoft® Windows® Operating System
549213c.14d4: ProductVersion: 6.1.7601.18798
550213c.14d4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
551213c.14d4: FileDescription: NT Layer DLL
552213c.14d4: \SystemRoot\System32\kernel32.dll:
553213c.14d4: CreationTime: 2015-07-06T13:10:11.874483600Z
554213c.14d4: LastWriteTime: 2015-03-17T05:16:34.921000000Z
555213c.14d4: ChangeTime: 2015-07-08T11:57:09.080848400Z
556213c.14d4: FileAttributes: 0x20
557213c.14d4: Size: 0x11c000
558213c.14d4: NT Headers: 0xe8
559213c.14d4: Timestamp: 0x5507b879
560213c.14d4: Machine: 0x8664 - amd64
561213c.14d4: Timestamp: 0x5507b879
562213c.14d4: Image Version: 6.1
563213c.14d4: SizeOfImage: 0x11f000 (1175552)
564213c.14d4: Resource Dir: 0x116000 LB 0x528
565213c.14d4: ProductName: Microsoft® Windows® Operating System
566213c.14d4: ProductVersion: 6.1.7601.18798
567213c.14d4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
568213c.14d4: FileDescription: Windows NT BASE API Client DLL
569213c.14d4: \SystemRoot\System32\KernelBase.dll:
570213c.14d4: CreationTime: 2015-07-06T13:10:13.028898400Z
571213c.14d4: LastWriteTime: 2015-03-17T05:16:34.921000000Z
572213c.14d4: ChangeTime: 2015-07-08T11:57:09.080848400Z
573213c.14d4: FileAttributes: 0x20
574213c.14d4: Size: 0x67a00
575213c.14d4: NT Headers: 0xe8
576213c.14d4: Timestamp: 0x5507b87a
577213c.14d4: Machine: 0x8664 - amd64
578213c.14d4: Timestamp: 0x5507b87a
579213c.14d4: Image Version: 6.1
580213c.14d4: SizeOfImage: 0x6c000 (442368)
581213c.14d4: Resource Dir: 0x6a000 LB 0x530
582213c.14d4: ProductName: Microsoft® Windows® Operating System
583213c.14d4: ProductVersion: 6.1.7601.18798
584213c.14d4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
585213c.14d4: FileDescription: Windows NT BASE API Client DLL
586213c.14d4: \SystemRoot\System32\apisetschema.dll:
587213c.14d4: CreationTime: 2015-07-06T13:10:14.292514600Z
588213c.14d4: LastWriteTime: 2015-03-17T05:11:07.952000000Z
589213c.14d4: ChangeTime: 2015-07-08T11:57:06.054443100Z
590213c.14d4: FileAttributes: 0x20
591213c.14d4: Size: 0x1a00
592213c.14d4: NT Headers: 0xc0
593213c.14d4: Timestamp: 0x5507b7b1
594213c.14d4: Machine: 0x8664 - amd64
595213c.14d4: Timestamp: 0x5507b7b1
596213c.14d4: Image Version: 6.1
597213c.14d4: SizeOfImage: 0x50000 (327680)
598213c.14d4: Resource Dir: 0x30000 LB 0x3f8
599213c.14d4: ProductName: Microsoft® Windows® Operating System
600213c.14d4: ProductVersion: 6.1.7601.18798
601213c.14d4: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
602213c.14d4: FileDescription: ApiSet Schema DLL
603213c.14d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
604213c.14d4: supR3HardenedWinFindAdversaries: 0x3
605213c.14d4: \SystemRoot\System32\drivers\SysPlant.sys:
606213c.14d4: CreationTime: 2015-05-27T10:15:58.142318400Z
607213c.14d4: LastWriteTime: 2015-09-29T01:49:17.062434300Z
608213c.14d4: ChangeTime: 2015-09-29T01:49:17.062434300Z
609213c.14d4: FileAttributes: 0x20
610213c.14d4: Size: 0x29170
611213c.14d4: NT Headers: 0xf0
612213c.14d4: Timestamp: 0x55ba08b1
613213c.14d4: Machine: 0x8664 - amd64
614213c.14d4: Timestamp: 0x55ba08b1
615213c.14d4: Image Version: 5.0
616213c.14d4: SizeOfImage: 0x2f000 (192512)
617213c.14d4: Resource Dir: 0x2d000 LB 0x498
618213c.14d4: ProductName: Symantec CMC Firewall
619213c.14d4: ProductVersion: 12.1.6318.6100
620213c.14d4: FileVersion: 12.1.6318.6100
621213c.14d4: FileDescription: Symantec CMC Firewall SysPlant
622213c.14d4: \SystemRoot\System32\sysfer.dll:
623213c.14d4: CreationTime: 2015-05-27T10:15:58.126715200Z
624213c.14d4: LastWriteTime: 2015-09-29T01:49:17.046834300Z
625213c.14d4: ChangeTime: 2015-09-29T01:49:17.046834300Z
626213c.14d4: FileAttributes: 0x20
627213c.14d4: Size: 0x72038
628213c.14d4: NT Headers: 0xe8
629213c.14d4: Timestamp: 0x55ba08bc
630213c.14d4: Machine: 0x8664 - amd64
631213c.14d4: Timestamp: 0x55ba08bc
632213c.14d4: Image Version: 0.0
633213c.14d4: SizeOfImage: 0x89000 (561152)
634213c.14d4: Resource Dir: 0x87000 LB 0x630
635213c.14d4: ProductName: Symantec CMC Firewall
636213c.14d4: ProductVersion: 12.1.6318.6100
637213c.14d4: FileVersion: 12.1.6318.6100
638213c.14d4: FileDescription: Symantec CMC Firewall sysfer
639213c.14d4: \SystemRoot\System32\drivers\symevent64x86.sys:
640213c.14d4: CreationTime: 2015-05-27T10:17:09.456737600Z
641213c.14d4: LastWriteTime: 2015-09-28T20:23:10.725559400Z
642213c.14d4: ChangeTime: 2015-09-28T20:23:10.725559400Z
643213c.14d4: FileAttributes: 0x20
644213c.14d4: Size: 0x2b8d8
645213c.14d4: NT Headers: 0xe8
646213c.14d4: Timestamp: 0x54b87d44
647213c.14d4: Machine: 0x8664 - amd64
648213c.14d4: Timestamp: 0x54b87d44
649213c.14d4: Image Version: 6.0
650213c.14d4: SizeOfImage: 0x38000 (229376)
651213c.14d4: Resource Dir: 0x36000 LB 0x3c8
652213c.14d4: ProductName: SYMEVENT
653213c.14d4: ProductVersion: 12.9.6.12
654213c.14d4: FileVersion: 12.9.6.12
655213c.14d4: FileDescription: Symantec Event Library
656213c.14d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
657213c.14d4: Calling main()
658213c.14d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
659213c.14d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
660213c.14d4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
661213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
662213c.14d4: SUPR3HardenedMain: Final process, opening VBoxDrv...
663213c.14d4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
664213c.14d4: supR3HardNtEnableThreadCreation:
665213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
666213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
667213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a45d0:C:\Windows\system32 [calling]
668213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
669213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefacc0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
670213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
671213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
672213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
673213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefacc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
674213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
675213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
676213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefacc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
677213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefacc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
678213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
679213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
680213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
681213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
682213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
683213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
684213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
685213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
686213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
687213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
688213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
689213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
690213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
691213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
692213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
693213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
694213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
695213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
696213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
697213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
698213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
699213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
700213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
701213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
702213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
703213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
704213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
705213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
706213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
707213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
708213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a45d0:C:\Windows\system32 [calling]
709213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
710213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdcc0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
711213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
712213c.14d4: supR3HardenedDllNotificationCallback: load 000007feff9a0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
713213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
714213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefda90000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
715213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
716213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd9f0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
717213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
718213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefde10000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
719213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
720213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\Wintrust.dll'
721213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
722213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
723213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e9ad0:C:\Windows\system32 [calling]
724213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
725213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd330000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
726213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
727213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\bcrypt.dll'
728213c.14d4: bcrypt.dll loaded at 000007fefd330000, BCryptOpenAlgorithmProvider at 000007fefd332640, preloading providers:
729213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
730213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
731213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
732213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
733213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
734213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
735213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
736213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
737213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
738213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
739213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
740213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
741213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
742213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
743213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
744213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
745213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
746213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
747213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
748213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
749213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
750213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
751213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
752213c.14d4: supR3HardenedDllNotificationCallback: load 000007feff4f0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
753213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
754213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
755213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
756213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
757213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
758213c.14d4: supR3HardenedDllNotificationCallback: load 000007feffc20000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
759213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
760213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\bcryptprimitives.dll'
761213c.14d4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007eb1b0)
762213c.14d4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007ee070)
763213c.14d4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007ee190)
764213c.14d4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007ee3a0)
765213c.14d4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007ee4c0)
766213c.14d4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007ee5e0)
767213c.14d4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007ee820)
768213c.14d4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007ee940)
769213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
770213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
771213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
772213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
773213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
774213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
775213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
776213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
777213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
778213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
779213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd1e0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
780213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
781213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1e0000 'C:\Windows\system32\CRYPTSP.dll'
782213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
783213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
784213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
785213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
786213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
787213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
788213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
789213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
790213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
791213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
792213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\Windows\system32\rsaenh.dll'
793213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
794213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
795213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
796213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
797213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
798213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
799213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
800213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
801213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
802213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\CRYPTBASE.dll'
803213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
804213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
805213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a00000 'C:\Windows\system32\kernel32.dll'
806213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
807213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
808213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\WINTRUST.DLL'
809213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
810213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
811213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda90000 'C:\Windows\system32\CRYPT32.dll'
812213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
813213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
814213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
815213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
816213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
817213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
818213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
819213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
820213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
821213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
822213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
823213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
824213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdda0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
825213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
826213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdda0000 'C:\Windows\system32\imagehlp.dll'
827213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
828213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
829213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1e0000 'C:\Windows\system32\CRYPTSP.dll'
830213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
831213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
832213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
833213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
834213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
835213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
836213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
837213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
838213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
839213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
840213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
841213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
842213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
843213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
844213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
845213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
846213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
847213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
848213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
849213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
850213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
851213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
852213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
853213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
854213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
855213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
856213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
857213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
858213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
859213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
860213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
861213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
862213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
863213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
864213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
865213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
866213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
867213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
868213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
869213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
870213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
871213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
872213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
873213c.14d4: supR3HardenedDllNotificationCallback: load 0000000077b20000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
874213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
875213c.14d4: supR3HardenedDllNotificationCallback: load 000007feff230000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
876213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
877213c.14d4: supR3HardenedDllNotificationCallback: load 000007feff1a0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
878213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
879213c.14d4: supR3HardenedDllNotificationCallback: load 000007feff8d0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
880213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
881213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
882213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
883213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'C:\Windows\system32\gdi32.dll'
884213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
885213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
886213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
887213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
888213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
889213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
890213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
891213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
892213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
893213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
894213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
895213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
896213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
897213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
898213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
899213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
900213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
901213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
902213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
903213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
904213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
905213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
906213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
907213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
908213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
909213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
910213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
911213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
912213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
913213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
914213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
915213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
916213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
917213c.14d4: supR3HardenedDllNotificationCallback: load 000007feff5d0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
918213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
919213c.14d4: supR3HardenedDllNotificationCallback: load 000007feffc40000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
920213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
921213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5d0000 'C:\Windows\system32\IMM32.DLL'
922213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b20000 'C:\Windows\system32\USER32.dll'
923213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
924213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
925213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
926213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
927213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
928213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
929213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
930213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
931213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
932213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
933213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
934213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
935213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
936213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
937213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
938213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
939213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd360000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
940213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
941213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\Windows\system32\ncrypt.dll'
942213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
943213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
944213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\bcrypt.dll'
945213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
946213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
947213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
948213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
949213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
950213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
951213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
952213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
953213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
954213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
955213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
956213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
957213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
958213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
959213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
960213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
961213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
962213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
963213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
964213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
965213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
966213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdc20000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
967213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
968213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
969213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
970213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\Windows\system32\USERENV.dll'
971213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
972213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
973213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
974213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
975213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
976213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
977213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
978213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
979213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
980213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
981213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
982213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
983213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
984213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
985213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
986213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
987213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefcc80000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
988213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
989213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\GPAPI.dll'
990213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
991213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
992213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
993213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
994213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\Windows\system32\rpcrt4.dll'
995213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
996213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-WIN-Service-Management-L2-1-0.dll'
997213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
998213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
999213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1000213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1001213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1002213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1003213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1004213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1005213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1006213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1007213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1008213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1009213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1010213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1011213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1012213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1013213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1014213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1015213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1016213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1017213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1018213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1019213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1020213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1021213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1022213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1023213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1024213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef9580000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1025213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1026213c.14d4: supR3HardenedDllNotificationCallback: load 000007feffed0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1027213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1028213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1029213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1030213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1031213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1032213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1033213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1034213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1035213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1036213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1037213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1038213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1039213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1040213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1041213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1042213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1043213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1044213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1045213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1046213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1047213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1048213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1049213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1050213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1051213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1052213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1053213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1054213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1055213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1056213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1057213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1058213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9580000 'C:\Windows\system32\cryptnet.dll'
1059213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1060213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1061213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1062213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1063213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\profapi.dll'
1064213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1065213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1066213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1067213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1068213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1069213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1070213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1071213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1072213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1073213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1074213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1075213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1076213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1077213c.14d4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1078213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1079213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1080213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefed80000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1081213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1082213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'C:\Windows\system32\SHLWAPI.dll'
1083213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1084213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000895270
1085213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1086213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0CF27465443C34B4834B9578EF0D5E85CCDCA8FB
1087213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1088213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1089213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1090213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1091213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1092213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1093213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1094213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1095213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
1096213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1097213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1098213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1099213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1100213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1101213c.14d4: g_pfnWinVerifyTrust=000007fefdcc1010
1102213c.14d4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1103213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1104213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1105213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1106213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B757256DD06374F77FF8DC61E1FEC0E93F3DF2F3
1107213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_192_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1108213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1109213c.14d4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1110213c.14d4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1111213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1112213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1113213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1114213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D66460DAFA96F2CF96829A002753DECB7ED7CF
1115213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1116213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1117213c.14d4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1118213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1119213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1120213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1121213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1122213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1123213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1124213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1125213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1126213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1127213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1128213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1129213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1130213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1131213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1132213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1133213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1134213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1135213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2545617940C2A353D1E2B307B3C55DF27B1EEBE9
1136213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1137213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1138213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1139213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1140213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1141213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1142213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1143213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1144213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1145213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1146213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1147213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1148213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1149213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1150213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1151213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1152213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1153213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1154213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1155213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1156213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1157213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1158213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1159213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1160213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1161213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1162213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1163213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=636F0B823F9188C3B9C300E2C7C366DBCCA6CBBA
1164213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_50_for_KB3061518~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1165213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1166213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1167213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1168213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1169213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1170213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1171213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1172213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1173213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1174213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1175213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1176213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1177213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1178213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1179213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1180213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1181213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1182213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1183213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1184213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1185213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1186213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1187213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1188213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1189213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1190213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1191213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9BD2F77F6F16827206A18B4C9CB5FCFA62A60CF
1192213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1193213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1194213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1195213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1196213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1197213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1198213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1707E74860DCBF0241835EF4A1E7C39B40ED3ACA
1199213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3046306~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1200213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1201213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1202213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1203213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1204213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1205213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1206213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1207213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1208213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1209213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1210213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1211213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1212213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1213213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1214213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1215213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1216213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1217213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1218213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1219213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1220213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1221213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1222213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1223213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1224213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1225213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1226213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1227213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1228213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1229213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1230213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1231213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1232213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1233213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1234213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1235213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1236213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1237213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1238213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1239213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1240213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1241213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
1242213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1243213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1244213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1245213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1246213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1247213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1248213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1249213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1250213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1251213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1252213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1253213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1254213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1255213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1256213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1257213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1258213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1259213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1260213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1261213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1262213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1263213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1264213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1265213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1266213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1267213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1268213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1269213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1270213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1271213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1272213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1273213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1274213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1275213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1276213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1277213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1278213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2703E04E5F64FCA33765E53C5EB160799413C2FA
1279213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1280213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1281213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1282213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1283213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1284213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1285213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39F531406FFFC9A8725E241096C684DBB516132
1286213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1287213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1288213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1289213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1290213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000089e3e0:C:\Windows\system32 [calling]
1291213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda90000 'C:\Windows\system32\crypt32.dll'
1292213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1293213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1294213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1295213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1296213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1297213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1298213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1299213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1300213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1301213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1302213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1303213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1304213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1305213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1306213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1307213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1308213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1309213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1310213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1311213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1312213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1313213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1314213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1315213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1316213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1317213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1318213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1319213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1320213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1321213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1322213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1323213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1324213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1325213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1326213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1327213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1328213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1329213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1330213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1331213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1332213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1333213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1334213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1335213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1336213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1337213c.14d4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1338213c.14d4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46
1339213c.14d4: SUPR3HardenedMain: Load Runtime...
1340213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1341213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1342213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1343213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1344213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1345213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1346213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1347213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1348213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1349213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1350213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1351213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1352213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1353213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1354213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1355213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1356213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1357213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1358213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1359213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1360213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1361213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1362213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1363213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1364213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1365213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1366213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1367213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1368213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1369213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1370213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1371213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1372213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1373213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1374213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1375213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1376213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1377213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1378213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1379213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1380213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1381213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1382213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1383213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1384213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1385213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1386213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1387213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1388213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1389213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1390213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1391213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1392213c.14d4: supR3HardenedDllNotificationCallback: load 000007fee7750000 LB 0x0052e000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1393213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1394213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1395213c.14d4: supR3HardenedDllNotificationCallback: load 000000005e770000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1396213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1397213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1398213c.14d4: supR3HardenedDllNotificationCallback: load 000000005e420000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1399213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1400213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefddc0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1401213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1402213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdf40000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1403213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1404213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1405213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1406213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1407213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1408213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1409213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1410213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1411213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1412213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1413213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1414213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1415213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1416213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1417213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1418213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1419213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1420213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1421213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1422213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1423213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1424213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1425213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1426213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1427213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1428213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1429213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1430213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1431213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1432213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1433213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1434213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1435213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1436213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1437213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1438213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1439213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1440213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1441213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1442213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1443213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1444213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1445213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1446213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1447213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1448213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007a4d90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SDKs\TypeScript\1.0\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Windows Kits\10\Windows Performance Toolkit\;C:\Program Files\Java\jdk1.7.0_80\bin;C:\Program Files (x86)\Skype\Phone\;C:\usr\bin [calling]
1449213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1450213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1451213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1452213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7750000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1453213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1454213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000891950:C:\Windows\system32 [calling]
1455213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\Wintrust.dll'
1456213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1457213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000891950:C:\Windows\system32 [calling]
1458213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda90000 'C:\Windows\system32\crypt32.dll'
1459213c.14d4: SUPR3HardenedMain: Load TrustedMain...
1460213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1461213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1462213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1463213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1464213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1465213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1466213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1467213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1468213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1469213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1470213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1471213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1472213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1473213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1474213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1475213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1476213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1477213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1478213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1479213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1480213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1481213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1482213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1483213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1484213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1485213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1486213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1487213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1488213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1489213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1490213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1491213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1492213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1493213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1494213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1495213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1496213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1497213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1498213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1499213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1500213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1501213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1502213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1503213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1504213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1505213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1506213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1507213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1508213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1509213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1510213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1511213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1512213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1513213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1514213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1515213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1516213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1517213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1518213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1519213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1520213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1521213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1522213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1523213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
1524213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1525213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1526213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1527213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1528213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1529213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1530213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1531213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1532213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1533213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1534213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1535213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1536213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1537213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1538213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1539213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1540213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1541213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1542213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1543213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1544213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1545213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1546213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1547213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1548213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1549213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1550213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1551213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1552213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1553213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1554213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1555213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1556213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1557213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1558213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1559213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1560213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1561213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1562213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1563213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1564213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1565213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1566213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1567213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1568213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1569213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1570213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1571213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1572213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1573213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1574213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1575213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1576213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1577213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1578213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1579213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1580213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1581213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1582213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1583213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1584213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1585213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1586213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1587213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1588213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1589213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1590213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1591213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1592213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1593213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1594213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1595213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1596213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1597213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1598213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1599213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1600213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1601213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1602213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1603213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1604213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1605213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1606213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1607213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1608213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1609213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1610213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1611213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1612213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1613213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1614213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1615213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1616213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1617213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1618213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1619213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1620213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1621213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1622213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1623213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1624213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1625213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1626213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1627213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1628213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1629213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1630213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1631213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1632213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1633213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1634213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1635213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1636213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1637213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1638213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1639213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1640213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1641213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1642213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1643213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1644213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1645213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1646213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1647213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1648213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1649213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1650213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1651213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1652213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1653213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1654213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1655213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1656213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1657213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1658213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1659213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1660213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1661213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1662213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1663213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1664213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1665213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1666213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1667213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1668213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1669213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1670213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1671213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1672213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1673213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1674213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1675213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1676213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1677213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1678213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1679213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1680213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1681213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1682213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1683213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1684213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1685213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1686213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1687213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1688213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1689213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1690213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1691213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1692213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1693213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1695213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1696213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1697213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1698213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1699213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1700213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1701213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1702213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1703213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1704213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1705213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1706213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1707213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1708213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1709213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1710213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1711213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1712213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1713213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1714213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1715213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1716213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1717213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1718213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1719213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1720213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1721213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1722213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1723213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1724213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1725213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1726213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1727213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1728213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1729213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1730213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1731213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1732213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1733213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1734213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1735213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1736213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1737213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1738213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1739213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1740213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1741213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1742213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1743213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1744213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1745213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1746213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1747213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1748213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1749213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1750213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1751213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1752213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1753213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1754213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1755213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1756213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1757213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1758213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1759213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1760213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1761213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1762213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1763213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1764213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1765213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1766213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1767213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1768213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1769213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1770213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1771213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1772213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1773213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1774213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1775213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1776213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1777213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1778213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1779213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1780213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1781213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1782213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1783213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1784213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1785213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1786213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1787213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1788213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1789213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1790213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1791213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1792213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1793213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1794213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1795213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1796213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1797213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1798213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1799213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1800213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1801213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1802213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1803213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1804213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1805213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1806213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1807213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1808213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1809213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1810213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1811213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1812213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1813213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1814213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1815213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1816213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1817213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1818213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1819213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1820213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1821213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1822213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1823213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1824213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1825213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
1826213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1827213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1828213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1829213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1830213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1831213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1832213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1833213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1834213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1835213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1836213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1837213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1838213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1839213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1840213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1841213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1842213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1843213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1844213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1845213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1846213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1847213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1848213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1849213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1850213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1851213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1852213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1853213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1854213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1855213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1856213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1857213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1858213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1859213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1860213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1861213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1862213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1863213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1864213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1865213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1866213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1867213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1868213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1869213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1870213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1871213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1872213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1873213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1874213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1875213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1876213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1877213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1878213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1879213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1880213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1881213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1882213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1883213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1884213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1885213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1886213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1887213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C17410BD716DCF557221B982F7A015B5B6AC2B4
1888213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1889213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1890213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1891213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1892213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1893213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1894213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1895213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1896213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1897213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1898213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1899213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1900213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1901213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1902213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1903213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1904213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1905213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1906213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1907213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1908213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1909213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1910213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1911213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1912213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1913213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1914213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1915213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1916213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1917213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1918213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1919213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1920213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1921213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1922213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1923213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1924213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1925213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1926213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1927213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1928213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1929213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1930213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1931213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
1932213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
1933213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1934213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1935213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1936213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1937213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1938213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1939213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1940213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1941213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1942213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1943213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1944213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1945213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1946213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1947213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1948213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1949213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1950213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1951213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1952213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1953213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1954213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1955213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1956213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1957213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1958213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1959213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1960213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1961213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1962213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1963213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1964213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1965213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1966213c.14d4: supR3HardenedDllNotificationCallback: load 000007fee6ad0000 LB 0x008e6000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1967213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1968213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1969213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef0410000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1970213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1971213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1972213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef2850000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1973213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1974213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1975213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef0310000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1976213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1977213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1978213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef2840000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1979213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1980213c.14d4: supR3HardenedDllNotificationCallback: load 000007feffa40000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1981213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1982213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefda50000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1983213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1984213c.14d4: supR3HardenedDllNotificationCallback: load 000007feffdf0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1985213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1986213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefef90000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1987213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1988213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1989213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1990213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1991213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefb6a0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1992213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1993213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1994213c.14d4: supR3HardenedDllNotificationCallback: load 0000000055160000 LB 0x00566000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1995213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1996213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdff0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1997213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1998213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1999213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef85b0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
2000213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
2001213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2002213c.14d4: supR3HardenedDllNotificationCallback: load 000007fee5ed0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2003213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2004213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2005213c.14d4: supR3HardenedDllNotificationCallback: load 00000000556d0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2006213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2007213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2008213c.14d4: supR3HardenedDllNotificationCallback: load 000007fee9800000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2009213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2010213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2011213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef09b0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2012213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2013213c.14d4: supR3HardenedDllNotificationCallback: load 000007feffd50000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2014213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2015213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2016213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2017213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2018213c.14d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
2019213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
2020213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefadf0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
2021213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
2022213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2023213c.14d4: supR3HardenedDllNotificationCallback: load 0000000058a20000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2024213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2025213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2026213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefb750000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2027213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2028213c.14d4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'.
2029213c.14d4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [rescheduled]
2030213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2031213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2032213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2033213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2034213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2035213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2036213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2037213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2038213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5d0000 'C:\Windows\system32\imm32.dll'
2039213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.DLL'
2040213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2041213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2042213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\cryptbase.dll'
2043213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6ad0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2044213c.14d4: SUPR3HardenedMain: Calling TrustedMain (000007fee6ad1610)...
2045213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2046213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2047213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\ole32.dll'
2048213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
2049213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2050213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2051213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\profapi.dll'
2052213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2053213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2054213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2055213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2056213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2057213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2058213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2059213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2060213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2061213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2062213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2063213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2064213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2065213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2066213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2067213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2068213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2069213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2070213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2071213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2072213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2073213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2074213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2075213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2076213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2077213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2078213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2079213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2080213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2081213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2082213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2083213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2084213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2085213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2086213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2087213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2088213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2089213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2090213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2091213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2092213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2093213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2094213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2095213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2096213c.14d4: supR3HardenedDllNotificationCallback: load 000007fee9020000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2097213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2098213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9020000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2099213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2100213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2101213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\CRYPTBASE.dll'
2102213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000594 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2103213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2104213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2105213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2106213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2107213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2108213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2109213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2110213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2111213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2112213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2113213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2114213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2115213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2116213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2117213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2118213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2119213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002858f70:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2120213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2121213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefbfe0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2122213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2123213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\uxtheme.dll'
2124213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2125213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002858f70:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2126213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\uxtheme.dll'
2127213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2128213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028592e0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2129213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\uxtheme.dll'
2130213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2131213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028592e0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2132213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\uxtheme.dll'
2133213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b20000 'C:\Windows\system32\user32.dll'
2134213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2135213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2136213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
2137213c.14d4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2138213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2139213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2140213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2141213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2142213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
2143213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2144213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2145213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
2146213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2147213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2148213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
2149213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2150213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2151213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfe0000 'C:\Windows\system32\uxtheme.dll'
2152213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\advapi32.dll'
2153213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2154213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2155213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\Windows\system32\userenv.dll'
2156213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2157213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2158213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a00000 'C:\Windows\system32\kernel32.dll'
2159213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ac pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2160213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2161213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2162213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2163213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2164213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2165213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2166213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2167213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2168213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2169213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2170213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2171213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2172213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2173213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2174213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2175213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2176213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2177213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2178213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2179213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2180213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2181213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2182213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2183213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2184213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2185213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2186213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2187213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2188213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2189213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2190213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2191213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2192213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2193213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf50000 'C:\Windows\system32\CLBCatQ.DLL'
2194213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
2195213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2196213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2197213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1e0000 'C:\Windows\system32\CRYPTSP.dll'
2198213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005dc pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2199213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2200213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2201213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2202213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2203213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2204213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2205213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2206213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2207213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2208213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2209213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838b80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2210213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2211213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefd930000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2212213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2213213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd930000 'C:\Windows\system32\RpcRtRemote.dll'
2214213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2215213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2216213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2217213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2218213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2219213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2220213c.20c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2221213c.20c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2222213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2223213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2224213c.20c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2225213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2226213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2227213c.20c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2228213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2229213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2230213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2231213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2232213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2233213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2234213c.20c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2235213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2236213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2237213c.20c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008591a0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2238213c.20c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2239213c.20c8: supR3HardenedDllNotificationCallback: load 000007fee7cb0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2240213c.20c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2241213c.20c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7cb0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2242213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2243213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2244213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2245213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2246213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2247213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2248213c.20c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2249213c.20c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2250213c.20c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2251213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2252213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2253213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2254213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2255213c.20c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2256213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2257213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2258213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2259213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2260213c.20c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2261213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2262213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2263213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2264213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2265213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2266213c.20c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2267213c.20c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008591a0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2268213c.20c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2269213c.20c8: supR3HardenedDllNotificationCallback: load 000007fee8550000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2270213c.20c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2271213c.20c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8550000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2272213c.20c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2273213c.20c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028595a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2274213c.20c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffdf0000 'C:\Windows\system32\oleaut32.dll'
2275213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
2276213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'C:\Windows\system32\gdi32.dll'
2277213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2278213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000839240:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2279213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
2280213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2281213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000839240:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2282213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6a0000 'C:\Windows\system32\dwmapi.dll'
2283213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
2284213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\ole32.dll'
2285213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2286213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028595a0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2287213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc40000 'C:\Windows\system32\MSCTF.dll'
2288213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
2289213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
2290213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\ole32.dll'
2291213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2292213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fb9f30:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2293213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffdf0000 'C:\Windows\system32\OLEAUT32.dll'
2294213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008e4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2295213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2296213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2297213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2298213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2299213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2300213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2301213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2302213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2303213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2304213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2305213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2306213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2307213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2308213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2309213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2310213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2311213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2312213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2313213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2314213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2315213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2316213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2317213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2318213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2319213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008e8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2320213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2321213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2322213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2323213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2324213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2325213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2326213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2327213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2328213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2329213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2330213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2331213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2332213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2333213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2334213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2335213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2336213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2337213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2338213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2339213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2340213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2341213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2342213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2343213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2344213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2345213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2346213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000285cd90:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2347213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2348213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefa730000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2349213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2350213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2351213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefa4b0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2352213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2353213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa730000 'C:\Windows\system32\wbem\wbemprox.dll'
2354213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000910 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2355213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2356213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2357213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2358213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2359213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2360213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2361213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2362213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2363213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2364213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2365213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2366213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2367213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2368213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2369213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000285cd90:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2370213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2371213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef10f0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2372213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2373213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef10f0000 'C:\Windows\system32\wbem\wbemsvc.dll'
2374213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000091c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2375213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2376213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2377213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2378213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2379213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2380213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2381213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2382213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2383213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2384213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2385213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2386213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2387213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2388213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2389213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2390213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000904 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2391213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2392213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2393213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2394213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2395213c.14d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2396213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2397213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2398213c.14d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2399213c.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2400213c.14d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2401213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2402213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2403213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2404213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2405213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2406213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2407213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2408213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2409213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2410213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2411213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2412213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2413213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2414213c.14d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2415213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2416213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2417213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2418213c.14d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2419213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000285cd90:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2420213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2421213c.14d4: supR3HardenedDllNotificationCallback: load 000007fef12d0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2422213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2423213c.14d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2424213c.14d4: supR3HardenedDllNotificationCallback: load 000007fefa660000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2425213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2426213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef12d0000 'C:\Windows\system32\wbem\fastprox.dll'
2427213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffdf0000 'C:\Windows\system32\OLEAUT32.dll'
2428213c.14d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2429213c.14d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba170:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2430213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\WINMM.dll'
2431213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffdf0000 'C:\Windows\system32\OLEAUT32.DLL'
2432213c.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2433213c.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2434213c.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2435213c.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2436213c.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2437213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2438213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2439213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2440213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2441213c.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2442213c.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2443213c.21a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2444213c.21a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2445213c.21a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2446213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2447213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2448213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2449213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2450213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2451213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2452213c.21a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2453213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2454213c.21a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2455213c.21a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fb9fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2456213c.21a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2457213c.21a0: supR3HardenedDllNotificationCallback: load 000007fee6830000 LB 0x0029f000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2458213c.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2459213c.21a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2460213c.21a0: supR3HardenedDllNotificationCallback: load 0000000058910000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2461213c.21a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2462213c.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6830000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2463213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f4 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2464213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2465213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2466213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
2467213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
2468213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2469213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2470213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2471213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2472213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2473213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2474213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2475213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2476213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2477213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
2478213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2479213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2480213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2481213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a10 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2482213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2483213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2484213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2485213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2486213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2487213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2488213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2489213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2490213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2491213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2492213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2493213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2494213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2495213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2496213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2497213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2498213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2499213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2500213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2501213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2502213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2503213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2504213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2505213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2506213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2507213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2508213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2509213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2510213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2511213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2512213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2513213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009dc pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2514213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2515213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2516213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2517213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2518213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2519213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2520213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2521213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2522213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2523213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2524213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2525213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2526213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2527213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2528213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2529213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2530213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2531213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2532213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2533213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2534213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2535213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2536213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002859700:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2537213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2538213c.944: supR3HardenedDllNotificationCallback: load 000007fef0fc0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2539213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2540213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2541213c.944: supR3HardenedDllNotificationCallback: load 000007fefb5c0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2542213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2543213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2544213c.944: supR3HardenedDllNotificationCallback: load 000007fefb5f0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2545213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2546213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0fc0000 'C:\Windows\system32\netcfgx.dll'
2547213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2548213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fb9fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2549213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa40000 'C:\Windows\system32\SETUPAPI.dll'
2550213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2551213c.944: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2552213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2553213c.944: supR3HardenedDllNotificationCallback: load 000007fefcca0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2554213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2555213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a4c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2556213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2557213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2558213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2559213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2560213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2561213c.944: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2562213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2563213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2564213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2565213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fb9fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2566213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\WINTRUST.dll'
2567213c.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2568213c.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2569213c.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2570213c.17f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2571213c.17f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2572213c.17f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2573213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2574213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2575213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2576213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2577213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2578213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2579213c.17f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2580213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2581213c.17f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2582213c.17f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2583213c.17f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2584213c.17f8: supR3HardenedDllNotificationCallback: load 000007feed990000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2585213c.17f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2586213c.17f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed990000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2587213c.17f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b20000 'C:\Windows\system32\User32.dll'
2588213c.d6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2589213c.d6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2590213c.d6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2591213c.d6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2592213c.d6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2593213c.d6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2594213c.d6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2595213c.d6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2596213c.d6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2597213c.d6c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2598213c.d6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2599213c.d6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2600213c.d6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2601213c.d6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2602213c.d6c: supR3HardenedDllNotificationCallback: load 000007feed890000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2603213c.d6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2604213c.d6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed890000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2605213c.113c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2606213c.113c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2607213c.113c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2608213c.113c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2609213c.113c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2610213c.113c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2611213c.113c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2612213c.113c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2613213c.113c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2614213c.113c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2615213c.113c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2616213c.113c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2617213c.113c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2618213c.113c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2619213c.113c: supR3HardenedDllNotificationCallback: load 000007feed860000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2620213c.113c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2621213c.113c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed860000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2622213c.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2623213c.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2624213c.1b24: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2625213c.1b24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2626213c.1b24: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2627213c.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2628213c.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2629213c.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2630213c.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2631213c.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2632213c.1b24: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2633213c.1b24: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2634213c.1b24: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2635213c.1b24: supR3HardenedDllNotificationCallback: load 000007feed140000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2636213c.1b24: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2637213c.1b24: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed140000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2638213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\Shell32.dll'
2639213c.944: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2640213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2641213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2642213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2643213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2644213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2645213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2646213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2647213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2648213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2649213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2650213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2651213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2652213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2653213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2654213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2655213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2656213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2657213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2658213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2659213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2660213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2661213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2662213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2663213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2664213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2665213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2666213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2667213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2668213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2669213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2670213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2671213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2672213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2673213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2674213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2675213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2676213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2677213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2678213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2679213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2680213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2681213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2682213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2683213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2684213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2685213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2686213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2687213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2688213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2689213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2690213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2691213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2692213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2693213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2694213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2695213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2696213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2697213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2698213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2699213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2700213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2701213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2702213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2703213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2704213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2705213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2706213c.944: supR3HardenedDllNotificationCallback: load 000007fee5520000 LB 0x009a7000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2707213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2708213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2709213c.944: supR3HardenedDllNotificationCallback: load 000007fee8fc0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2710213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2711213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2712213c.944: supR3HardenedDllNotificationCallback: load 000007fee9a80000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2713213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2714213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5520000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2715213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2716213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2717213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7cb0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2718213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2719213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2720213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9a80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2721213c.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2722213c.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2723213c.2050: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2724213c.2050: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2725213c.2050: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2726213c.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2727213c.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2728213c.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2729213c.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2730213c.2050: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2731213c.2050: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2732213c.2050: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2733213c.2050: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2734213c.2050: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2735213c.2050: supR3HardenedDllNotificationCallback: load 000007feed120000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2736213c.2050: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2737213c.2050: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed120000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2738213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c3c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2739213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2740213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2741213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2742213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2743213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2744213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2745213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2746213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2747213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2748213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2749213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2750213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2751213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2752213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2753213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2754213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c40 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2755213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2756213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2757213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2758213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2759213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2760213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2761213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2762213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2763213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
2764213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2765213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2766213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2767213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2768213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2769213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2770213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2771213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2772213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2773213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2774213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2775213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2776213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2777213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2778213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2779213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2780213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2781213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2782213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2783213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002859700:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2784213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2785213c.944: supR3HardenedDllNotificationCallback: load 000007fef0530000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2786213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2787213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2788213c.944: supR3HardenedDllNotificationCallback: load 000007fefc810000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2789213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2790213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2791213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2792213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0530000 'C:\Windows\System32\dsound.dll'
2793213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0530000 'C:\Windows\System32\dsound.dll'
2794213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2795213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba320:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2796213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0530000 'C:\Windows\system32\dsound.dll'
2797213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c44 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2798213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2799213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2800213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2801213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2802213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2803213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2804213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2805213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2806213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2807213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2808213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2809213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2810213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2811213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c68 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2812213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2813213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2814213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2815213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2816213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2817213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2818213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2819213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2820213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2821213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2822213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2823213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2824213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2825213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2826213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2827213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2828213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2829213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2830213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2831213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2832213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2833213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2834213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2835213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2836213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2837213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2838213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2839213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2840213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002859700:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2841213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2842213c.944: supR3HardenedDllNotificationCallback: load 000007fefc660000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2843213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2844213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2845213c.944: supR3HardenedDllNotificationCallback: load 000007fefc530000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
2846213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2847213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4f0000 'C:\Windows\system32\ADVAPI32.dll'
2848213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc660000 'C:\Windows\System32\MMDevApi.dll'
2849213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\ole32.dll'
2850213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2851213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba9e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2852213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa40000 'C:\Windows\system32\SETUPAPI.dll'
2853213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2854213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2855213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed80000 'C:\Windows\system32\SHLWAPI.dll'
2856213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2857213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2858213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc660000 'C:\Windows\system32\MMDEVAPI.DLL'
2859213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\ole32.dll'
2860213c.5cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2861213c.5cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2862213c.5cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\CFGMGR32.dll'
2863213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2864213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2865213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
2866213c.944: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2867213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2868213c.944: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2869213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc20000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2870213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\Windows\system32\RPCRT4.dll'
2871213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2872213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2873213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc660000 'C:\Windows\system32\MMDevAPI.DLL'
2874213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c90 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2875213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2876213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2877213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2878213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2879213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2880213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2881213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2882213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2883213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2884213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2885213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2886213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2887213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2888213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2889213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2890213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2891213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2892213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c94 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2893213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2894213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2895213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2896213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2897213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2898213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2899213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2900213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2901213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2902213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2903213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2904213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2905213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb0 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2906213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2907213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2908213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
2909213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2910213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2911213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2912213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2913213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2914213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2915213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2916213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2917213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2918213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2919213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2920213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2921213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2922213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2923213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2924213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2925213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2926213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2927213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2928213c.944: supR3HardenedDllNotificationCallback: load 000007fefae90000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
2929213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2930213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2931213c.944: supR3HardenedDllNotificationCallback: load 00000000756d0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
2932213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2933213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2934213c.944: supR3HardenedDllNotificationCallback: load 000007fefc6b0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
2935213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2936213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2937213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2938213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2939213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2940213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2941213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbaa70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2942213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2943213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2944213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2945213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2946213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2947213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2948213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2949213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc8 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2950213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2951213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2952213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
2953213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
2954213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2955213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2956213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2957213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2958213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2959213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2960213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2961213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2962213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
2963213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2964213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2965213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2966213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2967213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2968213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2969213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2970213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2971213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2972213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2973213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2974213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2975213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2976213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2977213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2978213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2979213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2980213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2981213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2982213c.944: supR3HardenedDllNotificationCallback: load 000007fefb6c0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
2983213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2984213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6c0000 'C:\Windows\system32\AUDIOSES.DLL'
2985213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2986213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fba440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2987213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2988213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2989213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2990213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2991213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\Windows\system32\wdmaud.drv'
2992213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c88 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
2993213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
2994213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
2995213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
2996213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
2997213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2998213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2999213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3000213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3001213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3002213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3003213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3004213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3005213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3006213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3007213c.944: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3008213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3009213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3010213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
3011213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
3012213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
3013213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3014213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
3015213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3016213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3017213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3018213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3019213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3020213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3021213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3022213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3023213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3024213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3025213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3026213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3027213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3028213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3029213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3030213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3031213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3032213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3033213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3034213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3035213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3036213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3037213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3038213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3039213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3040213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3041213c.944: supR3HardenedDllNotificationCallback: load 000007fefb710000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
3042213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3043213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3044213c.944: supR3HardenedDllNotificationCallback: load 000007fefadd0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
3045213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3046213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3047213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3048213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3049213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3050213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3051213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3052213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3053213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3054213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3055213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3056213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3057213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3058213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3059213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3060213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3061213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3062213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3063213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3064213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3065213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3066213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3067213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb710000 'C:\Windows\system32\msacm32.drv'
3068213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cdc pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3069213c.944: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000895270
3070213c.944: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000895270
3071213c.944: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3072213c.944: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3073213c.944: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3074213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3075213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3076213c.944: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3077213c.944: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3078213c.944: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3079213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3080213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3081213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3082213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3083213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3084213c.944: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3085213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3086213c.944: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3087213c.944: supR3HardenedDllNotificationCallback: load 000007fefb650000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3088213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3089213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\midimap.dll'
3090213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3091213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3092213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\midimap.dll'
3093213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3094213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3095213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\midimap.dll'
3096213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3097213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3098213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb650000 'C:\Windows\system32\midimap.dll'
3099213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3100213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3101213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3102213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\ole32.dll'
3103213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3104213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3105213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3106213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3107213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3108213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3109213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3110213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0530000 'C:\Windows\system32\dsound.dll'
3111213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3112213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3113213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3114213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3115213c.150: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3116213c.150: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002859700:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3117213c.150: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6c0000 'C:\Windows\System32\audioses.dll'
3118213c.944: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3119213c.944: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3120213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0530000 'C:\Windows\system32\dsound.dll'
3121213c.944: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb750000 'C:\Windows\system32\winmm.dll'
3122213c.21a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffdf0000 'C:\Windows\system32\OLEAUT32.dll'
3123213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
3124213c.14d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\shell32.dll'
3125213c.2090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3126213c.2090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fbab00:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3127213c.2090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6b0000 'C:\Windows\system32\avrt.dll'
3128213c.1bb4: supR3HardenedDllNotificationCallback: Unload 000007fef0fc0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy