VirtualBox

Ticket #17651: VBoxHardening.log

File VBoxHardening.log, 406.7 KB (added by H88, 6 years ago)
Line 
114f4.d24: Log file opened: 5.2.8r121009 g_hStartupLog=00000010 g_uNtVerCombined=0x60177220
214f4.d24: \SystemRoot\System32\ntdll.dll:
314f4.d24: CreationTime: 2018-03-27T20:09:37.799125200Z
414f4.d24: LastWriteTime: 2010-10-15T13:48:59.897528200Z
514f4.d24: ChangeTime: 2018-03-28T15:58:42.801153500Z
614f4.d24: FileAttributes: 0x20
714f4.d24: Size: 0x126358
814f4.d24: NT Headers: 0xd0
914f4.d24: Timestamp: 0x4cb73436
1014f4.d24: Machine: 0x14c - i386
1114f4.d24: Timestamp: 0x4cb73436
1214f4.d24: Image Version: 6.0
1314f4.d24: SizeOfImage: 0x128000 (1212416)
1414f4.d24: Resource Dir: 0xd0000 LB 0x52be0
1514f4.d24: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1614f4.d24: [Raw version resource data: 0xd00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1714f4.d24: ProductName: Microsoft® Windows® Operating System
1814f4.d24: ProductVersion: 6.0.6002.18327
1914f4.d24: FileVersion: 6.0.6002.18327 (vistasp2_gdr.101014-0432)
2014f4.d24: FileDescription: NT Layer DLL
2114f4.d24: \SystemRoot\System32\kernel32.dll:
2214f4.d24: CreationTime: 2018-03-27T19:18:05.897525200Z
2314f4.d24: LastWriteTime: 2011-04-12T16:07:38.431000000Z
2414f4.d24: ChangeTime: 2018-03-28T15:59:19.258353500Z
2514f4.d24: FileAttributes: 0x20
2614f4.d24: Size: 0xd9e00
2714f4.d24: NT Headers: 0xe8
2814f4.d24: Timestamp: 0x4da47967
2914f4.d24: Machine: 0x14c - i386
3014f4.d24: Timestamp: 0x4da47967
3114f4.d24: Image Version: 6.0
3214f4.d24: SizeOfImage: 0xdc000 (901120)
3314f4.d24: Resource Dir: 0xd1000 LB 0x528
3414f4.d24: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3514f4.d24: [Raw version resource data: 0xd10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3614f4.d24: ProductName: Microsoft® Windows® Operating System
3714f4.d24: ProductVersion: 6.0.6002.18449
3814f4.d24: FileVersion: 6.0.6002.18449 (vistasp2_gdr.110412-0338)
3914f4.d24: FileDescription: Windows NT BASE API Client DLL
4014f4.d24: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4114f4.d24: supR3HardenedWinFindAdversaries: 0x20
4214f4.d24: \SystemRoot\System32\drivers\mfeavfk.sys:
4314f4.d24: CreationTime: 2008-07-01T15:09:15.112880500Z
4414f4.d24: LastWriteTime: 2007-07-24T06:40:36.000000000Z
4514f4.d24: ChangeTime: 2018-03-18T08:37:35.446403500Z
4614f4.d24: FileAttributes: 0x20
4714f4.d24: Size: 0x135c8
4814f4.d24: NT Headers: 0xf0
4914f4.d24: Timestamp: 0x469baed6
5014f4.d24: Machine: 0x14c - i386
5114f4.d24: Timestamp: 0x469baed6
5214f4.d24: Image Version: 0.0
5314f4.d24: SizeOfImage: 0x11b80 (72576)
5414f4.d24: Resource Dir: 0x10ca0 LB 0x388
5514f4.d24: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
5614f4.d24: [Raw version resource data: 0x10d00 LB 0x328, codepage 0x0 (reserved 0x0)]
5714f4.d24: ProductName: SYSCORE.14.0.0.284.x86
5814f4.d24: FileVersion: SYSCORE.14.0.0.284.x86
5914f4.d24: PrivateBuild: SYSCORE.14.0.0.284.x86 F15,F16,F19
6014f4.d24: FileDescription: Anti-Virus File System Filter Driver
6114f4.d24: \SystemRoot\System32\drivers\mfehidk.sys:
6214f4.d24: CreationTime: 2008-07-01T15:09:14.956880500Z
6314f4.d24: LastWriteTime: 2007-07-21T08:08:24.000000000Z
6414f4.d24: ChangeTime: 2018-03-18T08:37:35.446403500Z
6514f4.d24: FileAttributes: 0x20
6614f4.d24: Size: 0x31248
6714f4.d24: NT Headers: 0xf8
6814f4.d24: Timestamp: 0x469bae34
6914f4.d24: Machine: 0x14c - i386
7014f4.d24: Timestamp: 0x469bae34
7114f4.d24: Image Version: 0.0
7214f4.d24: SizeOfImage: 0x2f800 (194560)
7314f4.d24: Resource Dir: 0x2c980 LB 0x398
7414f4.d24: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7514f4.d24: [Raw version resource data: 0x2c9e0 LB 0x338, codepage 0x0 (reserved 0x0)]
7614f4.d24: ProductName: SYSCORE.14.0.0.284.x86
7714f4.d24: FileVersion: SYSCORE.14.0.0.284.x86
7814f4.d24: PrivateBuild: SYSCORE.14.0.0.284.x86 F14,F15,F16,F18,F20
7914f4.d24: FileDescription: Host Intrusion Detection Link Driver
8014f4.d24: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8114f4.d24: Calling main()
8214f4.d24: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8314f4.d24: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8414f4.d24: SUPR3HardenedMain: Respawn #1
8514f4.d24: System32: \Device\HarddiskVolume2\Windows\System32
8614f4.d24: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
8714f4.d24: KnownDllPath: C:\Windows\system32
8814f4.d24: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8914f4.d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
9014f4.d24: supR3HardNtEnableThreadCreation:
9114f4.d24: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354
9214f4.d24: supR3HardenedWinDoReSpawn(1): New child 12ec.17fc [kernel32].
9314f4.d24: supR3HardNtChildGatherData: PebBaseAddress=7ffd4000 cbPeb=0x38
9414f4.d24: supR3HardNtPuChFindNtdll: uNtDllParentAddr=772f0000 uNtDllChildAddr=772f0000
9514f4.d24: supR3HardenedWinSetupChildInit: uLdrInitThunk=77331500
9614f4.d24: supR3HardenedWinSetupChildInit: Start child.
9714f4.d24: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
9814f4.d24: supR3HardNtChildPurify: Startup delay kludge #1/0: 570 ms, 0 sleeps
9914f4.d24: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
10014f4.d24: *00000000-0000ffff 0x0001/0x0000 0x0000000
10114f4.d24: *00010000-0002ffff 0x0004/0x0004 0x0020000
10214f4.d24: *00030000-00033fff 0x0002/0x0002 0x0040000
10314f4.d24: 00034000-0019ffff 0x0001/0x0000 0x0000000
10414f4.d24: *001a0000-0029cfff 0x0000/0x0004 0x0020000
10514f4.d24: 0029d000-0029dfff 0x0104/0x0004 0x0020000
10614f4.d24: 0029e000-0029ffff 0x0004/0x0004 0x0020000
10714f4.d24: 002a0000-0139ffff 0x0001/0x0000 0x0000000
10814f4.d24: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
10914f4.d24: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11014f4.d24: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11114f4.d24: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11214f4.d24: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11314f4.d24: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11414f4.d24: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11514f4.d24: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11614f4.d24: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11714f4.d24: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11814f4.d24: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
11914f4.d24: 01492000-772effff 0x0001/0x0000 0x0000000
12014f4.d24: *772f0000-772f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12114f4.d24: 772f1000-773b4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12214f4.d24: 773b5000-773bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12314f4.d24: 773c0000-77417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12414f4.d24: 77418000-7ffaffff 0x0001/0x0000 0x0000000
12514f4.d24: *7ffb0000-7ffd2fff 0x0002/0x0002 0x0040000
12614f4.d24: 7ffd3000-7ffd3fff 0x0001/0x0000 0x0000000
12714f4.d24: *7ffd4000-7ffd4fff 0x0004/0x0004 0x0020000
12814f4.d24: 7ffd5000-7ffdefff 0x0001/0x0000 0x0000000
12914f4.d24: *7ffdf000-7ffdffff 0x0004/0x0004 0x0020000
13014f4.d24: *7ffe0000-7ffe0fff 0x0002/0x0002 0x0020000
13114f4.d24: 7ffe1000-7ffeffff 0x0001/0x0002 0x0020000
13214f4.d24: VirtualBox.exe: timestamp 0x5a942d7e (rc=VINF_SUCCESS)
13314f4.d24: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
13414f4.d24: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
13514f4.d24: supR3HardNtChildPurify: Done after 662 ms and 0 fixes (loop #0).
13612ec.17fc: Log file opened: 5.2.8r121009 g_hStartupLog=00000004 g_uNtVerCombined=0x60177200
13712ec.17fc: supR3HardenedVmProcessInit: uNtDllAddr=772f0000 g_uNtVerCombined=0x60177200
13814f4.d24: supR3HardNtEnableThreadCreation:
13912ec.17fc: ntdll.dll: timestamp 0x4cb73436 (rc=VINF_SUCCESS)
14012ec.17fc: New simple heap: #1 002a0000 LB 0x400000 (for 1212416 allocation)
14112ec.17fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
14212ec.17fc: System32: \Device\HarddiskVolume2\Windows\System32
14312ec.17fc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
14412ec.17fc: KnownDllPath: C:\Windows\system32
14512ec.17fc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14612ec.17fc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14712ec.17fc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14812ec.17fc: Registered Dll notification callback with NTDLL.
14912ec.17fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
15012ec.17fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15112ec.17fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
15212ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15312ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15412ec.17fc: supR3HardenedDllNotificationCallback: load 76010000 LB 0x000dc000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
15512ec.17fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15612ec.17fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76010000 'C:\Windows\system32\kernel32.dll'
15712ec.17fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354
15814f4.d24: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 48 ms.
15912ec.17fc: \SystemRoot\System32\ntdll.dll:
16012ec.17fc: CreationTime: 2018-03-27T20:09:37.799125200Z
16112ec.17fc: LastWriteTime: 2010-10-15T13:48:59.897528200Z
16212ec.17fc: ChangeTime: 2018-03-28T15:58:42.801153500Z
16312ec.17fc: FileAttributes: 0x20
16412ec.17fc: Size: 0x126358
16512ec.17fc: NT Headers: 0xd0
16612ec.17fc: Timestamp: 0x4cb73436
16712ec.17fc: Machine: 0x14c - i386
16812ec.17fc: Timestamp: 0x4cb73436
16912ec.17fc: Image Version: 6.0
17012ec.17fc: SizeOfImage: 0x128000 (1212416)
17112ec.17fc: Resource Dir: 0xd0000 LB 0x52be0
17212ec.17fc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
17312ec.17fc: [Raw version resource data: 0xd00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17412ec.17fc: ProductName: Microsoft® Windows® Operating System
17512ec.17fc: ProductVersion: 6.0.6002.18327
17612ec.17fc: FileVersion: 6.0.6002.18327 (vistasp2_gdr.101014-0432)
17712ec.17fc: FileDescription: NT Layer DLL
17812ec.17fc: \SystemRoot\System32\kernel32.dll:
17912ec.17fc: CreationTime: 2018-03-27T19:18:05.897525200Z
18012ec.17fc: LastWriteTime: 2011-04-12T16:07:38.431000000Z
18112ec.17fc: ChangeTime: 2018-03-28T15:59:19.258353500Z
18212ec.17fc: FileAttributes: 0x20
18312ec.17fc: Size: 0xd9e00
18412ec.17fc: NT Headers: 0xe8
18512ec.17fc: Timestamp: 0x4da47967
18612ec.17fc: Machine: 0x14c - i386
18712ec.17fc: Timestamp: 0x4da47967
18812ec.17fc: Image Version: 6.0
18912ec.17fc: SizeOfImage: 0xdc000 (901120)
19012ec.17fc: Resource Dir: 0xd1000 LB 0x528
19112ec.17fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
19212ec.17fc: [Raw version resource data: 0xd10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
19312ec.17fc: ProductName: Microsoft® Windows® Operating System
19412ec.17fc: ProductVersion: 6.0.6002.18449
19512ec.17fc: FileVersion: 6.0.6002.18449 (vistasp2_gdr.110412-0338)
19612ec.17fc: FileDescription: Windows NT BASE API Client DLL
19712ec.17fc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
19812ec.17fc: supR3HardenedWinFindAdversaries: 0x20
19912ec.17fc: \SystemRoot\System32\drivers\mfeavfk.sys:
20012ec.17fc: CreationTime: 2008-07-01T15:09:15.112880500Z
20112ec.17fc: LastWriteTime: 2007-07-24T06:40:36.000000000Z
20212ec.17fc: ChangeTime: 2018-03-18T08:37:35.446403500Z
20312ec.17fc: FileAttributes: 0x20
20412ec.17fc: Size: 0x135c8
20512ec.17fc: NT Headers: 0xf0
20612ec.17fc: Timestamp: 0x469baed6
20712ec.17fc: Machine: 0x14c - i386
20812ec.17fc: Timestamp: 0x469baed6
20912ec.17fc: Image Version: 0.0
21012ec.17fc: SizeOfImage: 0x11b80 (72576)
21112ec.17fc: Resource Dir: 0x10ca0 LB 0x388
21212ec.17fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
21312ec.17fc: [Raw version resource data: 0x10d00 LB 0x328, codepage 0x0 (reserved 0x0)]
21412ec.17fc: ProductName: SYSCORE.14.0.0.284.x86
21512ec.17fc: FileVersion: SYSCORE.14.0.0.284.x86
21612ec.17fc: PrivateBuild: SYSCORE.14.0.0.284.x86 F15,F16,F19
21712ec.17fc: FileDescription: Anti-Virus File System Filter Driver
21812ec.17fc: \SystemRoot\System32\drivers\mfehidk.sys:
21912ec.17fc: CreationTime: 2008-07-01T15:09:14.956880500Z
22012ec.17fc: LastWriteTime: 2007-07-21T08:08:24.000000000Z
22112ec.17fc: ChangeTime: 2018-03-18T08:37:35.446403500Z
22212ec.17fc: FileAttributes: 0x20
22312ec.17fc: Size: 0x31248
22412ec.17fc: NT Headers: 0xf8
22512ec.17fc: Timestamp: 0x469bae34
22612ec.17fc: Machine: 0x14c - i386
22712ec.17fc: Timestamp: 0x469bae34
22812ec.17fc: Image Version: 0.0
22912ec.17fc: SizeOfImage: 0x2f800 (194560)
23012ec.17fc: Resource Dir: 0x2c980 LB 0x398
23112ec.17fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
23212ec.17fc: [Raw version resource data: 0x2c9e0 LB 0x338, codepage 0x0 (reserved 0x0)]
23312ec.17fc: ProductName: SYSCORE.14.0.0.284.x86
23412ec.17fc: FileVersion: SYSCORE.14.0.0.284.x86
23512ec.17fc: PrivateBuild: SYSCORE.14.0.0.284.x86 F14,F15,F16,F18,F20
23612ec.17fc: FileDescription: Host Intrusion Detection Link Driver
23712ec.17fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
23812ec.17fc: Calling main()
23912ec.17fc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
24012ec.17fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
24112ec.17fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
24212ec.17fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
24312ec.17fc: SUPR3HardenedMain: Respawn #2
24412ec.17fc: supR3HardNtEnableThreadCreation:
24512ec.17fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
24612ec.17fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
24712ec.17fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
24812ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
24912ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
25012ec.17fc: supR3HardenedDllNotificationCallback: load 757a0000 LB 0x0002c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
25112ec.17fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
25212ec.17fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=757a0000 'C:\Windows\system32\apphelp.dll'
25312ec.17fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354
25412ec.17fc: supR3HardenedWinDoReSpawn(2): New child 14c.1510 [kernel32].
25512ec.17fc: supR3HardNtChildGatherData: PebBaseAddress=7ffd8000 cbPeb=0x38
25612ec.17fc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=772f0000 uNtDllChildAddr=772f0000
25712ec.17fc: supR3HardenedWinSetupChildInit: uLdrInitThunk=77331500
25812ec.17fc: supR3HardenedWinSetupChildInit: Start child.
25912ec.17fc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 34 ms.
26012ec.17fc: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 0 sleeps
26112ec.17fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
26212ec.17fc: *00000000-0000ffff 0x0001/0x0000 0x0000000
26312ec.17fc: *00010000-0002ffff 0x0004/0x0004 0x0020000
26412ec.17fc: *00030000-00033fff 0x0002/0x0002 0x0040000
26512ec.17fc: 00034000-000dffff 0x0001/0x0000 0x0000000
26612ec.17fc: *000e0000-001dcfff 0x0000/0x0004 0x0020000
26712ec.17fc: 001dd000-001ddfff 0x0104/0x0004 0x0020000
26812ec.17fc: 001de000-001dffff 0x0004/0x0004 0x0020000
26912ec.17fc: 001e0000-0139ffff 0x0001/0x0000 0x0000000
27012ec.17fc: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27112ec.17fc: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27212ec.17fc: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27312ec.17fc: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27412ec.17fc: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27512ec.17fc: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27612ec.17fc: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27712ec.17fc: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27812ec.17fc: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
27912ec.17fc: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28012ec.17fc: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28112ec.17fc: 01492000-772effff 0x0001/0x0000 0x0000000
28212ec.17fc: *772f0000-772f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28312ec.17fc: 772f1000-773b4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28412ec.17fc: 773b5000-773bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28512ec.17fc: 773c0000-77417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28612ec.17fc: 77418000-7ffaffff 0x0001/0x0000 0x0000000
28712ec.17fc: *7ffb0000-7ffd2fff 0x0002/0x0002 0x0040000
28812ec.17fc: 7ffd3000-7ffd7fff 0x0001/0x0000 0x0000000
28912ec.17fc: *7ffd8000-7ffd8fff 0x0004/0x0004 0x0020000
29012ec.17fc: 7ffd9000-7ffdefff 0x0001/0x0000 0x0000000
29112ec.17fc: *7ffdf000-7ffdffff 0x0004/0x0004 0x0020000
29212ec.17fc: *7ffe0000-7ffe0fff 0x0002/0x0002 0x0020000
29312ec.17fc: 7ffe1000-7ffeffff 0x0001/0x0002 0x0020000
29412ec.17fc: VirtualBox.exe: timestamp 0x5a942d7e (rc=VINF_SUCCESS)
29512ec.17fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
29612ec.17fc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
29712ec.17fc: supR3HardNtChildPurify: Done after 559 ms and 0 fixes (loop #0).
29812ec.17fc: supR3HardenedEarlyCompact: Removed heap 1 (0x2a0000 LB 0x400000)
29912ec.17fc: supR3HardNtEnableThreadCreation:
30014c.1510: Log file opened: 5.2.8r121009 g_hStartupLog=00000004 g_uNtVerCombined=0x60177200
30114c.1510: supR3HardenedVmProcessInit: uNtDllAddr=772f0000 g_uNtVerCombined=0x60177200
30214c.1510: ntdll.dll: timestamp 0x4cb73436 (rc=VINF_SUCCESS)
30314c.1510: New simple heap: #1 002e0000 LB 0x400000 (for 1212416 allocation)
30414c.1510: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
30514c.1510: System32: \Device\HarddiskVolume2\Windows\System32
30614c.1510: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
30714c.1510: KnownDllPath: C:\Windows\system32
30814c.1510: supR3HardenedVmProcessInit: Opening vboxdrv...
30914c.1510: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
31014c.1510: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
31114c.1510: Registered Dll notification callback with NTDLL.
31214c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
31314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
31414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
31514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31714c.1510: supR3HardenedDllNotificationCallback: load 76010000 LB 0x000dc000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
31814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76010000 'C:\Windows\system32\kernel32.dll'
32014c.1510: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354
32112ec.17fc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 112 ms.
32214c.1510: \SystemRoot\System32\ntdll.dll:
32314c.1510: CreationTime: 2018-03-27T20:09:37.799125200Z
32414c.1510: LastWriteTime: 2010-10-15T13:48:59.897528200Z
32514c.1510: ChangeTime: 2018-03-28T15:58:42.801153500Z
32614c.1510: FileAttributes: 0x20
32714c.1510: Size: 0x126358
32814c.1510: NT Headers: 0xd0
32914c.1510: Timestamp: 0x4cb73436
33014c.1510: Machine: 0x14c - i386
33114c.1510: Timestamp: 0x4cb73436
33214c.1510: Image Version: 6.0
33314c.1510: SizeOfImage: 0x128000 (1212416)
33414c.1510: Resource Dir: 0xd0000 LB 0x52be0
33514c.1510: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
33614c.1510: [Raw version resource data: 0xd00f0 LB 0x380, codepage 0x0 (reserved 0x0)]
33714c.1510: ProductName: Microsoft® Windows® Operating System
33814c.1510: ProductVersion: 6.0.6002.18327
33914c.1510: FileVersion: 6.0.6002.18327 (vistasp2_gdr.101014-0432)
34014c.1510: FileDescription: NT Layer DLL
34114c.1510: \SystemRoot\System32\kernel32.dll:
34214c.1510: CreationTime: 2018-03-27T19:18:05.897525200Z
34314c.1510: LastWriteTime: 2011-04-12T16:07:38.431000000Z
34414c.1510: ChangeTime: 2018-03-28T15:59:19.258353500Z
34514c.1510: FileAttributes: 0x20
34614c.1510: Size: 0xd9e00
34714c.1510: NT Headers: 0xe8
34814c.1510: Timestamp: 0x4da47967
34914c.1510: Machine: 0x14c - i386
35014c.1510: Timestamp: 0x4da47967
35114c.1510: Image Version: 6.0
35214c.1510: SizeOfImage: 0xdc000 (901120)
35314c.1510: Resource Dir: 0xd1000 LB 0x528
35414c.1510: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35514c.1510: [Raw version resource data: 0xd10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
35614c.1510: ProductName: Microsoft® Windows® Operating System
35714c.1510: ProductVersion: 6.0.6002.18449
35814c.1510: FileVersion: 6.0.6002.18449 (vistasp2_gdr.110412-0338)
35914c.1510: FileDescription: Windows NT BASE API Client DLL
36014c.1510: NtOpenDirectoryObject failed on \Driver: 0xc0000022
36114c.1510: supR3HardenedWinFindAdversaries: 0x20
36214c.1510: \SystemRoot\System32\drivers\mfeavfk.sys:
36314c.1510: CreationTime: 2008-07-01T15:09:15.112880500Z
36414c.1510: LastWriteTime: 2007-07-24T06:40:36.000000000Z
36514c.1510: ChangeTime: 2018-03-18T08:37:35.446403500Z
36614c.1510: FileAttributes: 0x20
36714c.1510: Size: 0x135c8
36814c.1510: NT Headers: 0xf0
36914c.1510: Timestamp: 0x469baed6
37014c.1510: Machine: 0x14c - i386
37114c.1510: Timestamp: 0x469baed6
37214c.1510: Image Version: 0.0
37314c.1510: SizeOfImage: 0x11b80 (72576)
37414c.1510: Resource Dir: 0x10ca0 LB 0x388
37514c.1510: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
37614c.1510: [Raw version resource data: 0x10d00 LB 0x328, codepage 0x0 (reserved 0x0)]
37714c.1510: ProductName: SYSCORE.14.0.0.284.x86
37814c.1510: FileVersion: SYSCORE.14.0.0.284.x86
37914c.1510: PrivateBuild: SYSCORE.14.0.0.284.x86 F15,F16,F19
38014c.1510: FileDescription: Anti-Virus File System Filter Driver
38114c.1510: \SystemRoot\System32\drivers\mfehidk.sys:
38214c.1510: CreationTime: 2008-07-01T15:09:14.956880500Z
38314c.1510: LastWriteTime: 2007-07-21T08:08:24.000000000Z
38414c.1510: ChangeTime: 2018-03-18T08:37:35.446403500Z
38514c.1510: FileAttributes: 0x20
38614c.1510: Size: 0x31248
38714c.1510: NT Headers: 0xf8
38814c.1510: Timestamp: 0x469bae34
38914c.1510: Machine: 0x14c - i386
39014c.1510: Timestamp: 0x469bae34
39114c.1510: Image Version: 0.0
39214c.1510: SizeOfImage: 0x2f800 (194560)
39314c.1510: Resource Dir: 0x2c980 LB 0x398
39414c.1510: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
39514c.1510: [Raw version resource data: 0x2c9e0 LB 0x338, codepage 0x0 (reserved 0x0)]
39614c.1510: ProductName: SYSCORE.14.0.0.284.x86
39714c.1510: FileVersion: SYSCORE.14.0.0.284.x86
39814c.1510: PrivateBuild: SYSCORE.14.0.0.284.x86 F14,F15,F16,F18,F20
39914c.1510: FileDescription: Host Intrusion Detection Link Driver
40014c.1510: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
40114c.1510: Calling main()
40214c.1510: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
40314c.1510: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
40414c.1510: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
40514c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
40614c.1510: SUPR3HardenedMain: Final process, opening VBoxDrv...
40714c.1510: supR3HardenedEarlyCompact: Removed heap 1 (0x2e0000 LB 0x400000)
40814c.1510: supR3HardNtEnableThreadCreation:
40914c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
41014c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
41114c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2538:C:\Windows\system32 [calling]
41214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41414c.1510: supR3HardenedDllNotificationCallback: load 73350000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
41514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
41814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73350000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
42014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
42114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73350000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
42214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73350000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
42314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
42414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
42514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
42614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
42714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msasn1.dll'.
42814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'imagehlp.dll'.
42914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
43014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
43114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
43214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
43314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
43414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
43514c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
43614c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
43714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imagehlp.dll'...
43814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'imagehlp.dll' -> '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' [rcNtRedir=0xc0150008]
43914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
44014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
44114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
44214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
44314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
44414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
44514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
44614c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
44714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
44814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
44914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
45014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
45114c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
45214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
45314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
45414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
45514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
45614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
45714c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
45814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
45914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
46014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
46114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
46214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
46314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
46414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
46514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
46614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
46714c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
46814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
46914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
47014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
47114c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
47214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
47314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
47414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
47514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
47614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
47714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'secur32.dll'.
47814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
47914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
48014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
48114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
48214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
48314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
48414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
48514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
48614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
48714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
48814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
48914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
49014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
49114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
49214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
49314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
49414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
49514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
49614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
49714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
49814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
49914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
50014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
50114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
50214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
50314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
50414c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
50514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
50614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
50714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
50814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
50914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
51014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
51114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
51214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
51314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
51414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
51514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
51614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
51714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
51814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
51914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
52014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
52114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
52214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
52314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
52414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
52514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
52614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
52714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
52814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
52914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
53014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
53114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
53214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
53314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
53414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
53514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
53614c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\secur32.dll)
53714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll
53814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
53914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
54014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
54114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
54214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
54314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
54414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
54514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
54614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
54714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2538:C:\Windows\system32 [calling]
54814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
54914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55014c.1510: supR3HardenedDllNotificationCallback: load 74ab0000 LB 0x0002d000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
55114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
55214c.1510: supR3HardenedDllNotificationCallback: load 75ae0000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
55314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
55414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
55514c.1510: supR3HardenedDllNotificationCallback: load 75520000 LB 0x000f2000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
55614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
55714c.1510: supR3HardenedDllNotificationCallback: load 75c20000 LB 0x000c6000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
55814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
55914c.1510: supR3HardenedDllNotificationCallback: load 765b0000 LB 0x000c3000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
56014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
56114c.1510: supR3HardenedDllNotificationCallback: load 76730000 LB 0x0009d000 C:\Windows\system32\USER32.dll [fFlags=0x0]
56214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
56314c.1510: supR3HardenedDllNotificationCallback: load 75e00000 LB 0x0004b000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
56414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
56514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
56614c.1510: supR3HardenedDllNotificationCallback: load 75310000 LB 0x00012000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
56714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
56814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
56914c.1510: supR3HardenedDllNotificationCallback: load 75870000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
57014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
57114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\secur32.dll [lacks WinVerifyTrust]
57214c.1510: supR3HardenedDllNotificationCallback: load 75850000 LB 0x00014000 C:\Windows\system32\Secur32.dll [fFlags=0x0]
57314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\secur32.dll [lacks WinVerifyTrust]
57414c.1510: supR3HardenedDllNotificationCallback: load 77430000 LB 0x00029000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
57514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
57614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
57714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
57814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
57914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msctf.dll'.
58014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
58114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
58214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
58314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
58414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
58514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
58614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
58714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
58814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
58914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'imm32.dll'.
59014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
59114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
59214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
59314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
59414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
59514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
59614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
59714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
59814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
59914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
60014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
60114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
60214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
60314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
60414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
60514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
60614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
60714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
60814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
60914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
61014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
61114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
61214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
61314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
61414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
61514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
61614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2ba0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
61714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
61814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
61914c.1510: supR3HardenedDllNotificationCallback: load 764c0000 LB 0x0001e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
62014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
62114c.1510: supR3HardenedDllNotificationCallback: load 77480000 LB 0x000c8000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
62214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
62314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764c0000 'C:\Windows\system32\IMM32.DLL'
62414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
62514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
62614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'usp10.dll'.
62714c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
62814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
62914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
63014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
63114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
63214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
63314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
63414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
63514c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
63614c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
63714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
63814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
63914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
64014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
64114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
64214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
64314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
64414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
64514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
64614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
64714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
64814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
64914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
65014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
65114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
65214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
65314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
65414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
65514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\LPK.DLL (Input=LPK.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007ea560:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
65614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
65714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
65814c.1510: supR3HardenedDllNotificationCallback: load 77420000 LB 0x00009000 C:\Windows\system32\LPK.DLL [fFlags=0x0]
65914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
66014c.1510: supR3HardenedDllNotificationCallback: load 764e0000 LB 0x0007d000 C:\Windows\system32\USP10.dll [fFlags=0x0]
66114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
66214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
66314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007ea770:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
66414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75e00000 'C:\Windows\system32\gdi32.dll'
66514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77420000 'C:\Windows\system32\LPK.DLL'
66614c.1510: \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL: Owner is administrators group.
66714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
66814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
66914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
67014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL)
67114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL
67214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
67314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
67414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
67514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
67614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
67714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
67814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
67914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
68014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
68214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
68314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
68414c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)
68514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
68614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
68714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
68814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
68914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
69014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
69114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
69214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
69314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
69414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
69514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
69614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
69714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
69814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
69914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007eafe8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
70014c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL [lacks WinVerifyTrust]
70114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL [lacks WinVerifyTrust]
70214c.1510: supR3HardenedDllNotificationCallback: load 48000000 LB 0x0001f000 C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [fFlags=0x0]
70314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL [lacks WinVerifyTrust]
70414c.1510: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0002d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
70514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
70614c.1510: supR3HardenedDllNotificationCallback: load 77470000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0]
70714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
70814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
70914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2b90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
71014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=765b0000 'C:\Windows\system32\rpcrt4.dll'
71114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
71214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
71314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
71414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
71514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wldap32.dll'.
71614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'samlib.dll'.
71714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
71814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
71914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
72014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
72114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
72214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
72314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
72414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
72514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
72614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
72714c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
72814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
72914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'samlib.dll'...
73014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'samlib.dll' -> '\Device\HarddiskVolume2\Windows\System32\samlib.dll' [rcNtRedir=0xc0150008]
73114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
73214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
73314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
73414c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\samlib.dll)
73514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\samlib.dll
73614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
73714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
73814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
73914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
74014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
74114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'psapi.dll'.
74214c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
74314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
74414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
74514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
74614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
74714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
74814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
74914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
75014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
75114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
75214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
75314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
75514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
75614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
75714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
75814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
75914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
76014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
76114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
76214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
76314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
76414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
76514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
76614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
77014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
77114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
77214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
77314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
77414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
77514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
77614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
77714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
77814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
77914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
78014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
78114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
78214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
78314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
78414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
78514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
78614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
78714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
78814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
78914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
79014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
79114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
79214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
79314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTMARTA.DLL (Input=NTMARTA.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007ecb58:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
79414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [lacks WinVerifyTrust]
79514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [lacks WinVerifyTrust]
79614c.1510: supR3HardenedDllNotificationCallback: load 75820000 LB 0x00021000 C:\Windows\system32\NTMARTA.DLL [fFlags=0x0]
79714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [lacks WinVerifyTrust]
79814c.1510: supR3HardenedDllNotificationCallback: load 76560000 LB 0x00049000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
79914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
80014c.1510: supR3HardenedDllNotificationCallback: load 759b0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
80114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust]
80214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\samlib.dll [lacks WinVerifyTrust]
80314c.1510: supR3HardenedDllNotificationCallback: load 75800000 LB 0x00011000 C:\Windows\system32\SAMLIB.dll [fFlags=0x0]
80414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\samlib.dll [lacks WinVerifyTrust]
80514c.1510: supR3HardenedDllNotificationCallback: load 762e0000 LB 0x00145000 C:\Windows\system32\ole32.dll [fFlags=0x0]
80614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
80714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75820000 'C:\Windows\system32\NTMARTA.DLL'
80814c.1510: supR3HardenedDllNotificationCallback: Unload 48000000 LB 0x0001f000 C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [flags=0x0]
80914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL'
81014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
81114c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f36c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
81214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
81314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
81414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
81514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
81614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
81714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
81814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
81914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
82014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
82114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
82214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
82314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
82414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
82514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
82614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
82714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
82814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
82914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
83014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\Wintrust.dll'
83114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
83214c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
83314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
83414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
83514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
83614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
83714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007f5560:C:\Windows\system32 [calling]
83814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
83914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
84014c.1510: supR3HardenedDllNotificationCallback: load 752c0000 LB 0x00045000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
84114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
84214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=752c0000 'C:\Windows\system32\bcrypt.dll'
84314c.1510: bcrypt.dll loaded at 752c0000, BCryptOpenAlgorithmProvider at 752c3e82, preloading providers:
84414c.1510: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=007f66e8)
84514c.1510: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=007f6788)
84614c.1510: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=007f6828)
84714c.1510: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=007f68c8)
84814c.1510: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=007f6a08)
84914c.1510: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=007f6aa8)
85014c.1510: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=007f6968)
85114c.1510: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=007f6c08)
85214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
85314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
85414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
85514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
85614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
85714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
85814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
85914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
86014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (Input=rsaenh.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007f6dc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
86314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
86414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
86514c.1510: supR3HardenedDllNotificationCallback: load 74ba0000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
86614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
86714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ba0000 'C:\Windows\system32\rsaenh.dll'
86814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust]
86914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\psapi.dll (Input=psapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007fedd8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
87014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\psapi.dll'
87114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
87214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c20000 'C:\Windows\system32\advapi32.dll'
87314c.1510: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
87414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
87514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
87614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007fedd8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
87714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=772f0000 'C:\Windows\system32\ntdll.dll'
87814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
87914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008004b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
88014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\WINTRUST.DLL'
88114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
88214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll'
88314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
88414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
88514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'userenv.dll'.
88614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
88714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
88814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
88914c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
89014c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
89114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
89214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
89314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
89414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
89514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
89614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
89714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
89814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
89914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
90014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
90114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
90214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
90314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
90414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
90514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
90614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
90714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
90814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
90914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00812fa8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
91014c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
91114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
91214c.1510: supR3HardenedDllNotificationCallback: load 75620000 LB 0x00035000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
91314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
91414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75620000 'C:\Windows\system32\ncrypt.dll'
91514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
91614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008031b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
91714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75620000 'C:\Windows\system32\ncrypt.dll'
91814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
91914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
92014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
92114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
92214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'slc.dll'.
92314c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
92414c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
92514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'slc.dll'...
92614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'slc.dll' -> '\Device\HarddiskVolume2\Windows\System32\slc.dll' [rcNtRedir=0xc0150008]
92714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
92814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
92914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
93014c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\SLC.dll)
93114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SLC.dll
93214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
93314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
93414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
93514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
93614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
93714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
93814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
93914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
94014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
94114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
94214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
94314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
94414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
94514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
94614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
94714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
94814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
94914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
95014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
95114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
95214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
95314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082f210:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
95414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
95514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
95614c.1510: supR3HardenedDllNotificationCallback: load 74dc0000 LB 0x00015000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
95714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
95814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SLC.dll [lacks WinVerifyTrust]
95914c.1510: supR3HardenedDllNotificationCallback: load 751f0000 LB 0x0003a000 C:\Windows\system32\slc.dll [fFlags=0x0]
96014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SLC.dll [lacks WinVerifyTrust]
96114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74dc0000 'C:\Windows\system32\GPAPI.dll'
96214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
96314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
96414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
96514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'wldap32.dll'.
96614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sensapi.dll'.
96714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
96814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
96914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
97014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
97114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
97214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
97314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
97414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
97514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
97614c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
97714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
97814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sensapi.dll'...
97914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'sensapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\sensapi.dll' [rcNtRedir=0xc0150008]
98014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
98114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
98214c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\SensApi.dll)
98314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SensApi.dll
98414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
98514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
98614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
98714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
98814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
98914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
99014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
99114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
99214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
99314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
99414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
99514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
99614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
99714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
99814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
99914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
100014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
100114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
100214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
100314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
100414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
100514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
100614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
100714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
100814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
100914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
101014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
101114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
101214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
101314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
101414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00845c88:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
101514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101714c.1510: supR3HardenedDllNotificationCallback: load 6d640000 LB 0x0001b000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
101814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
101914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SensApi.dll [lacks WinVerifyTrust]
102014c.1510: supR3HardenedDllNotificationCallback: load 6f2a0000 LB 0x00006000 C:\Windows\system32\SensApi.dll [fFlags=0x0]
102114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SensApi.dll [lacks WinVerifyTrust]
102214c.1510: supR3HardenedDllNotificationCallback: load 76280000 LB 0x00059000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
102314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
102414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
102514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
102614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
102714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shlwapi.dll'.
102814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
102914c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll)
103014c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
103114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
103214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
103314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
103414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
103514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
103614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
103714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
103814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
103914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
104014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
104114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
104214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
104314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
104414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
104514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
104614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00846780:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
104714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust]
104814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust]
104914c.1510: supR3HardenedDllNotificationCallback: load 748a0000 LB 0x0019e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [fFlags=0x0]
105014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust]
105114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748a0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll'
105214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
105414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
105514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
105714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
105814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
105914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
106014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
106114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
106214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
106314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
106414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
106514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
106614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
106714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
106814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
106914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
107014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
107114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
107214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
107314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
107414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
107514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
107614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
107714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
107814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
107914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
108014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
108114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
108214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
108314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
108414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shlwapi.dll'.
108514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
108614c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
108714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
108814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
108914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
109014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
109114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
109214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
109314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
109414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
109514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
109614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
109714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
109814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
109914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
110014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
110114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
110214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
110314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
110414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
110514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
110614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHELL32.dll (Input=SHELL32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
110714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
110814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
110914c.1510: supR3HardenedDllNotificationCallback: load 767d0000 LB 0x00b11000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
111014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
111114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust]
111214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00847758:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
111314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748a0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll'
111414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust]
111514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00847850:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
111614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748a0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll'
111714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\SHELL32.dll'
111814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
111914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008497d8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
112014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\ole32.dll'
112114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
112214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008477d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
112314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75870000 'C:\Windows\system32\USERENV.dll'
112414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
112514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
112614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
112714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'psapi.dll'.
112814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
112914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
113014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
113114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
113214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust]
113314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
113414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
113514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
113614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
113714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
113814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
113914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
114014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
114114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
114214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NETAPI32.dll (Input=NETAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
114314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust]
114414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust]
114514c.1510: supR3HardenedDllNotificationCallback: load 75660000 LB 0x00076000 C:\Windows\system32\NETAPI32.dll [fFlags=0x0]
114614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust]
114714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75660000 'C:\Windows\system32\NETAPI32.dll'
114814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
114914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008477d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
115014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75870000 'C:\Windows\system32\USERENV.dll'
115114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
115214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
115314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
115414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
115514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
115614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
115714c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
115814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
115914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
116014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
116114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
116214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
116314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
116414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
116514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
116614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
116714c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
116814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
116914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
117014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
117114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
117214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
117314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
117414c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
117514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
117614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
117714c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
117814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
117914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
118014c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
118114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
118214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
118314c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
118414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
118514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
118614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
118714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
118814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
118914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
119014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
119114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
119214c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
119314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
119414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
119514c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
119614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
119714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
119814c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
119914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
120014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
120114c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
120214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00849428:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
120314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
120414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
120514c.1510: supR3HardenedDllNotificationCallback: load 760f0000 LB 0x0018a000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
120614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
120714c.1510: supR3HardenedDllNotificationCallback: load 76430000 LB 0x0008d000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
120814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
120914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760f0000 'C:\Windows\system32\setupapi.dll'
121014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
121114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
121214c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
121314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
121414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
121514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
121614c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
121714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
121814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
121914c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
122014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
122114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
122214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
122314c.1510: supR3HardenedDllNotificationCallback: load 730b0000 LB 0x00015000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
122414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
122514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730b0000 'C:\Windows\system32\Cabinet.dll'
122614c.1510: supR3HardenedDllNotificationCallback: Unload 760f0000 LB 0x0018a000 C:\Windows\system32\setupapi.dll [flags=0x0]
122714c.1510: supR3HardenedDllNotificationCallback: Unload 76430000 LB 0x0008d000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
122814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
122914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll'
123014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll
123114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: New context 007f1658
123214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
123314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FF3535799C51EB44CD83404949908B76DF91F6DB
123414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
123514c.1510: g_pfnWinVerifyTrust=74ab3428
123614c.1510: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
123714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000ec pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
123814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
123914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
124014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F7B0D4323581E660C11511C260C4FBFF94DCD5B
124114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
124214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
124314c.1510: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
124414c.1510: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
124514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
124614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
124714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
124814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0F63A903A98FF6A9032B2073360C3D229D092DF
124914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB978601~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
125014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
125114c.1510: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
125214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000454 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
125314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
125414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
125514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E611AD13DD4A53E14526E51AA2EB858B6B9D57F
125614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
125714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
125814c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
125914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000440 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
126014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
126114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
126214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C558DDE5582A72FE2DEB0C9F94C40B519C7A9B0D
126314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2476490~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
126414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
126514c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
126614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000434 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
126714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
126814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
126914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=641561B00DC41E3AD71E274BA2145275F0211E92
127014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
127114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
127214c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
127314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000041c pwszName=\Device\HarddiskVolume2\Windows\System32\netapi32.dll
127414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
127514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
127614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E84BD01474D369B14701D687932A14CC61D8FB8B
127714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\netapi32.dll'
127814c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
127914c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'
128014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003ec pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
128114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
128214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
128314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BF550864F519612984C66700EF7F60432C966806
128414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
128514c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
128614c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
128714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d8 pwszName=\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
128814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
128914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
129014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35C0962CF759B3B3659D66723F630C7482957CE2
129114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll'
129214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
129314c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll'
129414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c8 pwszName=\Device\HarddiskVolume2\Windows\System32\SensApi.dll
129514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
129614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
129714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B41EE7BB0EBB266C5891A2EC2B303B4835F69F5
129814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\SensApi.dll'
129914c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130014c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SensApi.dll'
130114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
130214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
130314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
130414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66F873C89A72D8FEE80463F760740BF03B43F4E5
130514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
130614c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
130714c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
130814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
130914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
131014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
131114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=532D5E3F9709C5E16AD9FD4D08AA5349626D125E
131214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
131314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
131414c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
131514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002e0 pwszName=\Device\HarddiskVolume2\Windows\System32\SLC.dll
131614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
131714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
131814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1328E3A55E3BC9F880665E0EE187DB6F12668091
131914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\SLC.dll'
132014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
132114c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SLC.dll'
132214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002dc pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
132314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
132414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
132514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECA98D06B01D1B0375515D3C03E461D00DA2A71
132614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
132714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
132814c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
132914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000248 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
133014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
133114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
133214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33DCD9DDD628373850CB286105CEA8D12CCEDEAF
133314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
133414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
133514c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
133614c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'
133714c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
133814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e8 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
133914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
134014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
134114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45AA3F104A9030AAA77B62E76F282F3A7DC474FA
134214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
134314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
134414c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
134514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
134614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
134714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
134814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C2C462C2A700D41B0B6D3E0058280EBA5049E2DF
134914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
135014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
135114c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll'
135214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
135314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
135414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
135514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DA3D5AF5FE3732E7846F48830ABEFCD2E513DA4
135614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
135714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
135814c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
135914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume2\Windows\System32\samlib.dll
136014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
136114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
136214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BF6E1C33CE180F908D113062679C18C695673BCA
136314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\samlib.dll'
136414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
136514c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\samlib.dll'
136614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000174 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
136714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
136814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
136914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=400C8C14D24E9AB9F3076B56ECE11705127C74D1
137014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_8_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
137114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137214c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
137314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\ntmarta.dll
137414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
137514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
137614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0D049B7CE7658FD351F0E9F31FCF5FD934966175
137714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
137814c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137914c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'
138014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000013c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
138114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
138214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
138314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28799D3F50281C7B616DBC7F6635BC5F3991F3C
138414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
138514c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
138614c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
138714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000138 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
138814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
138914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
139014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7186185261A4CEF974384C1E629BF91E444F236
139114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
139214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
139314c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
139414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL
139514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
139614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
139714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0CC173DD605BB8AFCBA5725B25702DAB6374B9F
139814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
139914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: New context 007f1658
140014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
140114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0CC173DD605BB8AFCBA5725B25702DAB6374B9F
140214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
140314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
140414c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL'
140514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000012c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
140614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
140714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
140814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6B87D28C569B5F001EACDBA146D425B1FBA4477
140914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB981322~31bf3856ad364e35~x86~~6.0.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
141014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
141114c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
141214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000128 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
141314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
141414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
141514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9E4721D9BF2AD6136FEABE540CE0786DD1C67E85
141614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2507618~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
141714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
141814c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
141914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000010c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
142014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
142114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
142214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4CA6C83A93BF839C1EDA0F0DCD4EB6E5BC4082D7
142314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
142414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
142514c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
142614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000110 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
142714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
142814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
142914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=141BE7DBBE80C24F35BE31B8CB35950CA1CFDFC8
143014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
143114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
143214c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
143314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000fc pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll
143414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
143514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
143614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8EB32246B274867F030E4718F18052C87F3250A7
143714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB975467~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll'
143814c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
143914c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\secur32.dll'
144014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000f8 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
144114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
144214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
144314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAA8A47531DCB5DF61076BACE46A53BA796A9273
144414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
144514c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
144614c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
144714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000f4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
144814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
144914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
145014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D57D0C824328DDDBF8DDB3AF8805D546C083069E
145114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
145214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
145314c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
145414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000f0 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
145514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
145614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
145714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CCF37979CF416BB75494D62213CC930137296D9
145814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
145914c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
146014c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
146114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
146214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
146314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
146414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C598BF1BAEAFFA0C758D08B6D004BA120BA2680
146514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
146614c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
146714c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
146814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
146914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
147014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
147114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0CF2D3399816685DD64EF14614CF8487FBC369D6
147214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
147314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
147414c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
147514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
147614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
147714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
147814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6AC440C819CED7F29F5887C1C6708A4E84B86A31
147914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB974571~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
148014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
148114c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
148214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
148314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
148414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
148514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8FF927E8E649D4E7EC3728F864C15E6E83956BDC
148614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
148714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
148814c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
148914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
149014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
149114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
149214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=820910CD57150547DA50DC0DBBE876D9B47EBF61
149314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB970238~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
149414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
149514c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
149614c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
149714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
149814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
149914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
150014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C769FE5C84C7D7EBF555E1D8E7903636F7DE02F
150114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
150214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
150314c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
150414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\crypt32.dll'
150514c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
150614c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
150714c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
150814c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
150914c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
151014c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
151114c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
151214c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
151314c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
151414c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
151514c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
151614c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
151714c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
151814c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
151914c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
152014c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
152114c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
152214c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
152314c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
152414c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
152514c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
152614c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
152714c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
152814c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
152914c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
153014c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
153114c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
153214c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
153314c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
153414c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
153514c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
153614c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
153714c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
153814c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
153914c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
154014c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
154114c.1510: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=36
154214c.1510: SUPR3HardenedMain: Load Runtime...
154314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
154414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
154514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
154614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
154714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
154814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
154914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
155014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
155114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
155214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
155314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
155414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
155514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
155614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
155714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
155814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
155914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
156014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
156114c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
156214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
156314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
156414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
156514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
156614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00837758:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
156714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
156814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
156914c.1510: supR3HardenedDllNotificationCallback: load 68740000 LB 0x00478000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
157014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
157114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
157214c.1510: supR3HardenedDllNotificationCallback: load 6bd60000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
157314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
157414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
157514c.1510: supR3HardenedDllNotificationCallback: load 6a450000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
157614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
157714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
157814c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
157914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
158114c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
158214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
158414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
158514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
158714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
158814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
158914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
159014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
159114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
159914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
160014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
160114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
160914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
161714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
161814c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
161914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
162414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
162514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0085ecf8:C:\Windows\system32 [calling]
162614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\Wintrust.dll'
162714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\crypt32.dll'
162814c.1510: SUPR3HardenedMain: Load TrustedMain...
162914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
163014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
163114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
163214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
163314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
163414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
163514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
163614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
163714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5printsupportvbox.dll'.
163814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5openglvbox.dll'.
163914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'.
164014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'advapi32.dll'.
164114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'shell32.dll'.
164214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
164314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
164414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
164514c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
164614c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
164714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
164814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
164914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
165014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
165114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
165214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDA0D97E1AD6F79767E167835AECCE0B7F7B3ED
165314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
165414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
165514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
165614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
165714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
165814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
165914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
166014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
166114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleacc.dll'.
166214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
166314c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
166414c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
166514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
166614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
166714c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
166814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
166914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
167014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
167114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
167214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
167314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
167414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
167514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
167614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
167714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
167814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
167914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
168014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
168114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
168214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
168314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
168414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
168514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
168614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
168714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
168814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
168914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
169014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
169114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
169214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
169314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
169414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
169514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
169614c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
169714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
169814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
169914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
170014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
170114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
170214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
170314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
170414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
170514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
170614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
170714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
170814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
170914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
171014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
171114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
171214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
171314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
171414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
171514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
171614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
171714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
171814c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
171914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
172014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
172114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
172214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
172314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
172414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
172514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
172614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
172714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
172814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
172914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
173014c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
173114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
173214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
173314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
173414c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
173514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
173614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
173714c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
173814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
173914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
174014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
174114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
174214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
174314c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
174414c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
174514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
174614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
174714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
174814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
174914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000051c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
175014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
175114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
175214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9FFE8DD93F4B7C85D01E0C821A4AEE883FB8E9F0
175314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
175414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
175514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
175614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
175714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
175814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
175914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
176014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
176114c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
176214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
176314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
176414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
176514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
176614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
176714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
176814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
176914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
177014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2DC0A2208075D8D770A49D428C496335A9493681
177114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
177214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
177314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
177414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
177514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'dciman32.dll'.
177614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
177714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
177814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'setupapi.dll'.
177914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'dwmapi.dll'.
178014c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
178114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
178214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
178314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
178414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000524 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
178514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
178614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
178714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92E78F25B68780C5A3083490E5F5D1D892FA5859
178814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
178914c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
179014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
179114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
179214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
179314c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
179414c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
179514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
179614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
179714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
179814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
179914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
180014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
180114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
180214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
180314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
180414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
180514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
180614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
180714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
180814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
180914c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
181014c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
181114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
181214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
181314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
181414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
181514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
181614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
181714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
181814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
181914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
182014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
182114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
182214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000520 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
182314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
182414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
182514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=365BC38FF0354C92194B4B9C03D3E47D8ACAEA2F
182614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
182714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
182814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
182914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
183014c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
183114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
183214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
183314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
183414c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
183514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
183614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
183714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
183814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
183914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
184014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
184114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
184214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
184314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
184414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
184514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
184614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
184714c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
184814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
184914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
185014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
185114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
185214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
185314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
185414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
185514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
185614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
185714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
185814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
185914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
186014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
186114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
186214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
186314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
186414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
186514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
186614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
186714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
186814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
186914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
187014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
187114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
187214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
187314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
187414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
187514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
187614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
187714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
187814c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
187914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
188014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
188114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
188214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
188314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
188414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
188514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
188614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
188714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000540 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
188814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
188914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
189014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=457D31445169107D4861265C9C3E19B639F927EF
189114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
189214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
189314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
189414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
189514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
189614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
189714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
189814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comctl32.dll'.
189914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'.
190014c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
190114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
190214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
190314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
190414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000538 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
190514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
190614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
190714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1CD4382B047CE70B406FD191C1C3A2B7759C357F
190814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_23_for_KB2117917~31bf3856ad364e35~x86~~6.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
190914c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
191014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
191114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
191214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
191314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
191414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
191514c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
191614c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
191714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
191814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
191914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
192014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
192114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
192214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
192314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
192414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
192514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
192614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
192714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
192814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
192914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
193014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
193114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
193214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
193314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
193414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
193514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
193614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
193714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
193814c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
193914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
194014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
194114c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
194214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
194314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
194414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'...
194514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008]
194614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000548 pwszName=\Device\HarddiskVolume2\Windows\System32\oleacc.dll
194714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
194814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
194914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=25CD43BC49CFB3DE8C4A6F4EBD96ACBA53716F06
195014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleacc.dll'
195114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
195214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
195314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
195414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
195514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
195614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
195714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
195814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
195914c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleacc.dll) WinVerifyTrust
196014c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleacc.dll
196114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
196214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
196314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
196414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
196514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
196614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
196714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
196814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
196914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
197014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
197114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
197214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
197314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
197414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
197514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
197614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
197714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
197814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
197914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
198014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
198114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
198214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
198314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
198414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
198514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
198614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
198714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
198814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
199014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
199114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
199214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
199314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
199414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
199514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
199614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
199714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
199814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
199914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
200014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
200114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
200214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
200314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
200414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
200514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000054c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
200614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
200714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
200814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF3541492BF925290FE715287CC854A38F3506C2
200914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_6_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
201014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
201114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
201214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
201314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
201414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
201514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
201614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
201714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
201814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
201914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
202014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
202114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
202214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
202314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
202414c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
202514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
202614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
202714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
202814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
202914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
203014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
203114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
203214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
203314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
203414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
203514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
203614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
203714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
203814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
204014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
204114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
204214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
204314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
204414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
204514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
204614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
204714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000052c pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
204814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
204914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
205014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CCDDBC56A74100552BB90AFFA59095F702D856D0
205114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
205214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
205414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
205514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
205614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
205714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
205814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
205914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
206014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
206114c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
206214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
206314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
206414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
206514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
206614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
206714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
206814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000564 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
206914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
207014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
207114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F4CE6CF821E8E0890BA137CA712B54267683EDB
207214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2507618~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
207314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
207414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
207514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
207614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
207714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
207814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
207914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
208014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
208114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
208214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
208314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
208414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
208514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
208614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
208714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
208814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
208914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
209014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
209114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
209214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
209314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
209414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
209514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
209614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
209714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
209814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
209914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
210014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
210114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
210214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
210314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
210414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
210514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00837758:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
210614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
210714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
210814c.1510: supR3HardenedDllNotificationCallback: load 67500000 LB 0x0091e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
210914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
211014c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
211114c.1510: supR3HardenedDllNotificationCallback: load 6d310000 LB 0x000cb000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
211214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
211314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
211414c.1510: supR3HardenedDllNotificationCallback: load 6d4e0000 LB 0x00023000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
211514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
211614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
211714c.1510: supR3HardenedDllNotificationCallback: load 6d220000 LB 0x000e5000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
211814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
211914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
212014c.1510: supR3HardenedDllNotificationCallback: load 6dd00000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
212114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
212214c.1510: supR3HardenedDllNotificationCallback: load 760f0000 LB 0x0018a000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
212314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
212414c.1510: supR3HardenedDllNotificationCallback: load 76430000 LB 0x0008d000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
212514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
212614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
212714c.1510: supR3HardenedDllNotificationCallback: load 750e0000 LB 0x0000c000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
212814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
212914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
213014c.1510: supR3HardenedDllNotificationCallback: load 695f0000 LB 0x00265000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0]
213114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
213214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
213314c.1510: supR3HardenedDllNotificationCallback: load 73060000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
213414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
213514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
213614c.1510: supR3HardenedDllNotificationCallback: load 69160000 LB 0x00482000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
213714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
213814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
213914c.1510: supR3HardenedDllNotificationCallback: load 75230000 LB 0x00014000 C:\Windows\system32\MPR.dll [fFlags=0x0]
214014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
214114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
214214c.1510: supR3HardenedDllNotificationCallback: load 669f0000 LB 0x004d7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
214314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
214414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
214514c.1510: supR3HardenedDllNotificationCallback: load 682e0000 LB 0x0045a000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
214614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
214714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
214814c.1510: supR3HardenedDllNotificationCallback: load 6b580000 LB 0x00044000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
214914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
215014c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
215114c.1510: supR3HardenedDllNotificationCallback: load 74850000 LB 0x00042000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
215214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
215314c.1510: supR3HardenedDllNotificationCallback: load 766b0000 LB 0x00073000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
215414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
215514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
215614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
215714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
215814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll)
215914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
216014c.1510: supR3HardenedDllNotificationCallback: load 6ff60000 LB 0x00085000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll [fFlags=0x0]
216114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll [avoiding WinVerifyTrust]
216214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
216314c.1510: supR3HardenedDllNotificationCallback: load 6af00000 LB 0x00046000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
216414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
216514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
216614c.1510: supR3HardenedDllNotificationCallback: load 73100000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
216714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
216814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
216914c.1510: supR3HardenedDllNotificationCallback: load 74f30000 LB 0x00039000 C:\Windows\system32\OLEACC.dll [fFlags=0x0]
217014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll
217114c.1510: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll'.
217214c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll' [rescheduled]
217314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
217414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
217514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
217614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
217714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
217814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
217914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
218014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
218114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764c0000 'C:\Windows\system32\imm32.dll'
218214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c20000 'C:\Windows\system32\ADVAPI32.DLL'
218314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67500000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
218414c.1510: SUPR3HardenedMain: Calling TrustedMain (675014a0)...
218514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
218614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
218714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
218814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
218914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
219014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
219114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
219214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
219314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
219414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
219514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
219614c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
219714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
219814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
219914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
220014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
220114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
220214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
220314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
220414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
220514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
220614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
220714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
220814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
220914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
221014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
221114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
221214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
221314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
221414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
221514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
221614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
221714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
221814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
221914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
222014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
222114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
222214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
222314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
222414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
222514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
222614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
222714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
222814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
222914c.1510: supR3HardenedDllNotificationCallback: load 6a0b0000 LB 0x000f3000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
223014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
223114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6a0b0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
223214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
223314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
223414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
223514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
223614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'secur32.dll'.
223714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'firewallapi.dll'.
223814c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcss.dll)
223914c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcss.dll
224014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005b0 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcss.dll
224114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
224214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
224314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15A1D7682FD0A6E91D5801A59FA0C80F152B0414
224414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcss.dll'
224514c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
224614c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcss.dll'
224714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005b4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
224814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
224914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
225014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F70E6A9C3CA48A924A263F00940F6925D4256A70
225114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
225214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
225314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
225414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
225514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
225614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
225714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
225814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
225914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
226014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
226114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
226214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
226314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
226414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
226514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
226614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
226714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'...
226814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008]
226914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005cc pwszName=\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll
227014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
227114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
227214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E38E93EB4C6F5A4EDD7A03B17ED3BB85457D661
227314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll'
227414c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
227514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
227614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
227714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
227814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
227914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
228014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'.
228114c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll) WinVerifyTrust
228214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll
228314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
228414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
228514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
228614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
228714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
228814c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
228914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
229014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
229114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
229214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
229314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
229414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
229514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
229614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
229714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005d4 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
229814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
229914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
230014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5767DD68E8AC237BC924031B2EED8CC2D38E7180
230114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
230214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
230314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
230414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
230514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
230614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
230714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
230814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
230914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
231014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
231114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
231214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
231314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
231414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
231514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
231614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
231714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
231814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
231914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
232014c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
232114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
232214c.1510: supR3HardenedDllNotificationCallback: load 740a0000 LB 0x0003f000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
232314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
232414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll'
232514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
232614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
232714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll'
232814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
232914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
233014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll'
233114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
233214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
233314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll'
233414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76730000 'C:\Windows\system32\user32.dll'
233514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
233614c.1510: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
233714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
233814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
233914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
234014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
234114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
234214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
234314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
234414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
234514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
234614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
234714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll'
234814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005a8 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
234914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
235014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
235114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=08091F55483AD818DD771B8FC59617E4BD7AD7FC
235214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
235314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
235414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
235514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
235614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
235714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
235814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
235914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ksuser.dll'.
236014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mmdevapi.dll'.
236114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'avrt.dll'.
236214c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
236314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
236414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
236514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
236614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005b8 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
236714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
236814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
236914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D97A63B9E3BC9C3480ED3CD37DC289C5AE96F8D
237014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
237114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
237214c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
237314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
237414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
237514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
237614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005c8 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
237714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
237814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
237914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B74A8B7C9F25816C926A8DE1D08F2839BD25D9C9
238014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
238114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
238214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
238314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
238414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
238514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
238614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
238714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
238814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
238914c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
239014c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
239114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
239214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
239314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005f8 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
239414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
239514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
239614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D5BEE7280E1AA7379595A66D1276EACACBF0A2B
239714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
239814c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
239914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
240014c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
240114c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
240214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
240314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
240414c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
240514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
240614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
240714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
240814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
240914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
241014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
241114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
241214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
241314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
241414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
241514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
241614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
241714c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
241814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
241914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
242014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
242114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
242214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
242314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
242414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
242514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
242614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
242714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
242814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
242914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
243014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
243114c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
243214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
243314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
243414c.1510: supR3HardenedDllNotificationCallback: load 72ed0000 LB 0x0002f000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
243514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
243614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
243714c.1510: supR3HardenedDllNotificationCallback: load 72ec0000 LB 0x00004000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
243814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
243914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
244014c.1510: supR3HardenedDllNotificationCallback: load 730d0000 LB 0x00028000 C:\Windows\system32\MMDevAPI.DLL [fFlags=0x0]
244114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
244214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
244314c.1510: supR3HardenedDllNotificationCallback: load 73f50000 LB 0x00007000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
244414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
244514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
244614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
244714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
244814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
244914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
245014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
245114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730d0000 'C:\Windows\system32\MMDevAPI.DLL'
245214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
245314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
245414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
245514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
245614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
245714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730d0000 'C:\Windows\system32\MMDEVAPI.DLL'
245814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
245914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
246014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
246114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
246214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
246314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
246414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
246514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
246614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760f0000 'C:\Windows\system32\SETUPAPI.dll'
246714c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
246814c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
246914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\WINTRUST.dll'
247014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000614 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
247114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
247214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
247314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C4226A9557DFFA61CFF44C96F97A5695D46CD74
247414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
247514c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
247614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
247714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
247814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
247914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
248014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
248114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
248214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mmdevapi.dll'.
248314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'audioeng.dll'.
248414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
248514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
248614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'audioeng.dll'...
248714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'audioeng.dll' -> '\Device\HarddiskVolume2\Windows\System32\audioeng.dll' [rcNtRedir=0xc0150008]
248814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005fc pwszName=\Device\HarddiskVolume2\Windows\System32\AudioEng.dll
248914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
249014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
249114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F107262B591007A5007F4C60D2FA161859DDF051
249214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioEng.dll'
249314c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
249414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
249514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
249614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
249714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
249814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
249914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'psapi.dll'.
250014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'avrt.dll'.
250114c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioEng.dll) WinVerifyTrust
250214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioEng.dll
250314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
250414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
250514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
250614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
250714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
250814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
250914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
251014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
251114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
251214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
251314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
251414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
251514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
251614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
251714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
251814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
251914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
252014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
252114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
252214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
252314c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
252414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
252514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
252614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
252714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
252814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
252914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
253014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
253114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
253214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
253314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
253414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
253514c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
253614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
253714c.1510: supR3HardenedDllNotificationCallback: load 71c00000 LB 0x00021000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
253814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
253914c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioEng.dll
254014c.1510: supR3HardenedDllNotificationCallback: load 71b90000 LB 0x00066000 C:\Windows\system32\audioeng.dll [fFlags=0x0]
254114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioEng.dll
254214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71c00000 'C:\Windows\system32\AUDIOSES.DLL'
254314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
254414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
254514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
254614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
254714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
254814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
254914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
255014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
255114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
255214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
255314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
255414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
255514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv'
255614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000618 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
255714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
255814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
255914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3C8EE2167F1C689FBE7F47D4D1F8E8BFB9FA858
256014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
256114c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
256214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
256314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
256414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
256514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
256614c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
256714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
256814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
256914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
257014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000638 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
257114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
257214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
257314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD44A40D03EA386AD0F936A0CA22C89E9BA719CB
257414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
257514c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
257614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
257714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
257814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
257914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
258014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
258114c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
258214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
258314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
258414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
258514c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
258614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
258714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
258814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
258914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
259014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
259114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
259214c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
259314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
259414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
259514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
259614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
259714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
259814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
259914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260114c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
260214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
260314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
260414c.1510: supR3HardenedDllNotificationCallback: load 71b20000 LB 0x00009000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
260514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
260614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
260714c.1510: supR3HardenedDllNotificationCallback: load 71b00000 LB 0x00014000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
260814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
260914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv'
261014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
261114c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
261214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv'
261314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
261414c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
261514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv'
261614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
261714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
261814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv'
261914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
262014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
262114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv'
262214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
262314c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
262414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv'
262514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000063c pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
262614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
262714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
262814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9EA8FBB325A6B30D60F800843F9D493C2E7184FF
262914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
263014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
263114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
263214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
263314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
263414c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
263514c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
263614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
263714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
263814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
263914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
264014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
264114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
264214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
264314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
264414c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
264514c.1510: supR3HardenedDllNotificationCallback: load 71af0000 LB 0x00007000 C:\Windows\system32\midimap.dll [fFlags=0x0]
264614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
264714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll'
264814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
264914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
265014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll'
265114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
265214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
265314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll'
265414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
265514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
265614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll'
265714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c20000 'C:\Windows\system32\advapi32.dll'
265814c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
265914c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
266014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75870000 'C:\Windows\system32\userenv.dll'
266114c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
266214c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
266314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76010000 'C:\Windows\system32\kernel32.dll'
266414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000644 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
266514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
266614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
266714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03C3E2D2EE38C21866AD93B1776BCD5D74BD06C0
266814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
266914c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
267014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
267114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
267214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
267314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
267414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
267514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
267614c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
267714c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
267814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
267914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
268014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
268114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
268214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
268314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
268414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
268514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
268614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
268714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
268814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
268914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
269014c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
269114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
269214c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
269314c.1510: supR3HardenedDllNotificationCallback: load 75b90000 LB 0x00084000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
269414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
269514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b90000 'C:\Windows\system32\CLBCatQ.DLL'
269614c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
269714c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLE32.dll (Input=OLE32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
269814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\OLE32.dll'
269914c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
270014c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
270114c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
270214c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
270314c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
270414c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
270514c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
270614c.1444: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
270714c.1444: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
270814c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
270914c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
271014c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
271114c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
271214c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
271314c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
271414c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
271514c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
271614c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
271714c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
271814c.1444: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
271914c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
272014c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
272114c.1444: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
272214c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
272314c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
272414c.1444: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
272514c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
272614c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
272714c.1444: supR3HardenedDllNotificationCallback: load 66560000 LB 0x00490000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
272814c.1444: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
272914c.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=66560000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
273014c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
273114c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
273214c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
273314c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
273414c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
273514c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
273614c.1444: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll) WinVerifyTrust
273714c.1444: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll
273814c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
273914c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
274014c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
274114c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
274214c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
274314c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
274414c.1444: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
274514c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
274614c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
274714c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
274814c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
274914c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
275014c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
275114c.1444: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
275214c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll
275314c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll
275414c.1444: supR3HardenedDllNotificationCallback: load 69aa0000 LB 0x00070000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll [fFlags=0x0]
275514c.1444: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll
275614c.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll'
275714c.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76430000 'C:\Windows\system32\oleaut32.dll'
275814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75e00000 'C:\Windows\system32\gdi32.dll'
275914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
276014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\ole32.dll'
276114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
276214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
276314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\ole32.dll'
276414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76430000 'C:\Windows\system32\OLEAUT32.dll'
276514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009c8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
276614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
276714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
276814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C67CEB14B249F2A4B62F3F8614B044CD0CBFD656
276914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
277014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
277114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
277214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
277314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
277414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
277514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
277614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
277714c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
277814c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
277914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
278014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
278114c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
278214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
278314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
278414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
278514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
278614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
278714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
278814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
278914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
279014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
279114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009cc pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
279214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
279314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
279414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D66D0BA8D26C0B7D86E0BF2CB4C4C6A2CE04AB5
279514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
279614c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
279714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
279914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
280014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
280114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
280214c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
280314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
280414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
280514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
280614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
280714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
280814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
280914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
281014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
281114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
281214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
281314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
281414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
281514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
281614c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0da0:C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
281714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
281814c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
281914c.1510: supR3HardenedDllNotificationCallback: load 6e170000 LB 0x0000b000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
282014c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
282114c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
282214c.1510: supR3HardenedDllNotificationCallback: load 6e590000 LB 0x0005b000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
282314c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
282414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e170000 'C:\Windows\system32\wbem\wbemprox.dll'
282514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009f4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
282614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
282714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
282814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26D4515A7F14B33628C2A738291B215B537E267A
282914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
283014c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
283114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
283214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
283314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
283414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
283514c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
283614c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
283714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
283814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
283914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
284014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
284114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
284214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
284314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
284414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
284514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae2f50:C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
284614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
284714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
284814c.1510: supR3HardenedDllNotificationCallback: load 6e0e0000 LB 0x00010000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
284914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
285014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e0e0000 'C:\Windows\system32\wbem\wbemsvc.dll'
285114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
285214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
285314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
285414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D54CB66D98D7F57AD86A87884B091B6C98BAA885
285514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
285614c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
285714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
285814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
285914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
286014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
286114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
286214c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
286314c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
286414c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
286514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
286614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
286714c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009dc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
286814c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
286914c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
287014c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=351D7D271EDA34F44BC265EB68426AFBA3CE1154
287114c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
287214c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
287314c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
287414c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'dnsapi.dll'.
287514c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
287614c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'wldap32.dll'.
287714c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'netapi32.dll'.
287814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
287914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'secur32.dll'.
288014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ws2_32.dll'.
288114c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
288214c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
288314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
288414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
288514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
288614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
288714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
288814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
288914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
289014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
289114c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
289214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
289314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
289414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
289514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
289614c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
289714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
289814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
289914c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
290014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
290114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
290214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
290314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
290414c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll
290514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
290614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
290714c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
290814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
290914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
291014c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
291114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
291214c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000a08 pwszName=\Device\HarddiskVolume2\Windows\System32\dnsapi.dll
291314c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
291414c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
291514c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF63A52F8BCA6C97942D09CCFF782FD115E1DB1C
291614c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2509553~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dnsapi.dll'
291714c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
291814c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
291914c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
292014c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
292114c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
292214c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll) WinVerifyTrust
292314c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
292414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
292514c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
292614c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
292714c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
292814c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
292914c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
293014c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
293114c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
293214c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
293314c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
293414c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
293514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae9e90:C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
293614c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
293714c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
293814c.1510: supR3HardenedDllNotificationCallback: load 6df10000 LB 0x00099000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
293914c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
294014c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
294114c.1510: supR3HardenedDllNotificationCallback: load 75270000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
294214c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
294314c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
294414c.1510: supR3HardenedDllNotificationCallback: load 75290000 LB 0x0002c000 C:\Windows\system32\DNSAPI.dll [fFlags=0x0]
294514c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
294614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6df10000 'C:\Windows\system32\wbem\fastprox.dll'
294714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\WINMM.dll'
294814c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
294914c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
295014c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
295114c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
295214c.12e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
295314c.12e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
295414c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
295514c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
295614c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
295714c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
295814c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
295914c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
296014c.12e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
296114c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
296214c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
296314c.12e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
296414c.12e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
296514c.12e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
296614c.12e0: supR3HardenedDllNotificationCallback: load 70390000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
296714c.12e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
296814c.12e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70390000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
296914c.12e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76730000 'C:\Windows\system32\User32.dll'
297014c.1254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
297114c.1254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
297214c.1254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
297314c.1254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
297414c.1254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
297514c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
297614c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
297714c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
297814c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
297914c.1254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
298014c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
298114c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
298214c.1254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
298314c.1254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
298414c.1254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
298514c.1254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
298614c.1254: supR3HardenedDllNotificationCallback: load 6d930000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
298714c.1254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
298814c.1254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d930000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
298914c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
299014c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
299114c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
299214c.f4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
299314c.f4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
299414c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
299514c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
299614c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
299714c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
299814c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
299914c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
300014c.f4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
300114c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
300214c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
300314c.f4c: supR3HardenedDllNotificationCallback: load 6d920000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
300414c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
300514c.f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d920000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
300614c.1090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
300714c.1090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
300814c.1090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
300914c.1090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
301014c.1090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
301114c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
301214c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
301314c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
301414c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
301514c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
301614c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
301714c.1090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
301814c.1090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
301914c.1090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
302014c.1090: supR3HardenedDllNotificationCallback: load 6d840000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
302114c.1090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
302214c.1090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d840000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
302314c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\Shell32.dll'
302414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
302514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
302614c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
302714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
302814c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll) WinVerifyTrust
302914c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll
303014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
303114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
303214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
303314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
303414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
303514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
303614c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
303714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
303814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
303914c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxREM64.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
304014c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll
304114c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll
304214c.14ac: supR3HardenedDllNotificationCallback: load 67ec0000 LB 0x0014c000 C:\Program Files\Oracle\VirtualBox\VBoxREM64.DLL [fFlags=0x0]
304314c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll
304414c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67ec0000 'C:\Program Files\Oracle\VirtualBox\VBoxREM64.DLL'
304514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
304614c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
304714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
304814c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
304914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
305014c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
305114c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
305214c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
305314c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
305414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
305514c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
305614c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
305714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
305814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
305914c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c70 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
306014c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
306114c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
306214c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B7219CD66039E2566D8C40CB2214705F343A41
306314c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
306414c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
306514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
306614c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
306714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dhcpcsvc.dll'.
306814c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'dhcpcsvc6.dll'.
306914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'nsi.dll'.
307014c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winnsi.dll'.
307114c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
307214c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
307314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
307414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
307514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
307614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
307714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
307814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
307914c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
308014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
308114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
308214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
308314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
308414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
308514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
308614c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
308714c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
308814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
308914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
309014c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
309114c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
309214c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
309314c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
309414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
309514c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
309614c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
309714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
309814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
309914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
310014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
310114c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
310214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
310314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
310414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
310514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
310614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
310714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
310814c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
310914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
311014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
311114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
311214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
311314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
311414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
311514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
311614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
311714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
311814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
311914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
312014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
312114c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c58 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
312214c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
312314c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
312414c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B80DCF6370714DA0596BC3C92476B6401605009
312514c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
312614c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
312714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
312814c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
312914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
313014c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
313114c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
313214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
313314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
313414c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
313514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dhcpcsvc6.dll'...
313614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dhcpcsvc6.dll' -> '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' [rcNtRedir=0xc0150008]
313714c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c7c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
313814c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
313914c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
314014c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ECE2CB2EE2EE563C4F7D166E7226607B1BEFC564
314114c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
314214c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
314314c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
314414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
314514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
314614c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
314714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'nsi.dll'.
314814c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winnsi.dll'.
314914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dnsapi.dll'.
315014c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
315114c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
315214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dhcpcsvc.dll'...
315314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dhcpcsvc.dll' -> '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' [rcNtRedir=0xc0150008]
315414c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c5c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
315514c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
315614c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
315714c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ABFFFB3D45677EF13EC9B78D8FCE6316F289F619
315814c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
315914c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
316014c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
316114c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
316214c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dnsapi.dll'.
316314c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
316414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'secur32.dll'.
316514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
316614c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
316714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'winnsi.dll'.
316814c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
316914c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
317014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
317114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
317214c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
317314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
317414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
317514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
317614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
317714c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
317814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
317914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
318014c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
318114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
318214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
318314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
318414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
318514c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll
318614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
318714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
318814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
318914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
319014c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
319114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
319214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
319314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
319414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
319514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
319614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
319714c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
319814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
319914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
320014c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
320114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
320214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
320314c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
320414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
320514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
320614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
320714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
320814c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
320914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
321014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
321114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
321214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
321314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
321414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
321514c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
321614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
321714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
321814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
321914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
322014c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
322114c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
322214c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
322314c.14ac: supR3HardenedDllNotificationCallback: load 63a50000 LB 0x0094c000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
322414c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
322514c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
322614c.14ac: supR3HardenedDllNotificationCallback: load 703e0000 LB 0x00050000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
322714c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
322814c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
322914c.14ac: supR3HardenedDllNotificationCallback: load 69880000 LB 0x0005b000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
323014c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
323114c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
323214c.14ac: supR3HardenedDllNotificationCallback: load 75190000 LB 0x00019000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
323314c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
323414c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
323514c.14ac: supR3HardenedDllNotificationCallback: load 75150000 LB 0x00035000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
323614c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
323714c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
323814c.14ac: supR3HardenedDllNotificationCallback: load 75140000 LB 0x00007000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
323914c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
324014c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
324114c.14ac: supR3HardenedDllNotificationCallback: load 75110000 LB 0x00022000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
324214c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
324314c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=63a50000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
324414c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
324514c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
324614c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=66560000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
324714c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
324814c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
324914c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69880000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
325014c.15b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
325114c.15b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
325214c.15b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
325314c.15b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
325414c.15b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
325514c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
325614c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
325714c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
325814c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
325914c.15b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
326014c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
326114c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
326214c.15b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
326314c.15b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
326414c.15b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
326514c.15b0: supR3HardenedDllNotificationCallback: load 6d6f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
326614c.15b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
326714c.15b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
326814c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76430000 'C:\Windows\system32\OLEAUT32.dll'
326914c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
327014c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
327114c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75190000 'C:\Windows\system32\Iphlpapi.dll'
327214c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
327314c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
327414c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75190000 'C:\Windows\system32\IPHLPAPI.DLL'
327514c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
327614c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
327714c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75190000 'C:\Windows\system32\IPHLPAPI.DLL'
327814c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
327914c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02afdd28:C:\Windows\System32;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
328014c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730d0000 'C:\Windows\System32\MMDevApi.dll'
328114c.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760f0000 'C:\Windows\system32\SETUPAPI.DLL'
328214c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
328314c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
328414c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
328514c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AB450F96B20736D899B978F94FD1071ED1BFD20
328614c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
328714c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
328814c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
328914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
329014c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
329114c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
329214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
329314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
329414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
329514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
329614c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WTSAPI32.dll (Input=WTSAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
329714c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
329814c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
329914c.14ac: supR3HardenedDllNotificationCallback: load 74290000 LB 0x0000a000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0]
330014c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
330114c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74290000 'C:\Windows\system32\WTSAPI32.dll'
330214c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76730000 'C:\Windows\system32\USER32.dll'
330314c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\winsta.dll
330414c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
330514c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
330614c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0BDA81D62D7A0C9E5C690D4983E731746E8338D
330714c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\winsta.dll'
330814c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
330914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
331014c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
331114c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
331214c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll) WinVerifyTrust
331314c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll
331414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
331514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
331614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
331714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
331814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
331914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
332014c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
332114c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
332214c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
332314c.14ac: supR3HardenedDllNotificationCallback: load 74f00000 LB 0x00025000 C:\Windows\system32\WINSTA.dll [fFlags=0x0]
332414c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
332514c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f00000 'C:\Windows\system32\WINSTA.dll'
332614c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
332714c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winsta.dll (Input=winsta.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
332814c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f00000 'C:\Windows\system32\winsta.dll'
332914c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e54 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
333014c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
333114c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
333214c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3A271B7E4EAC5D6AB2B1670324DC31D37AE25EC6
333314c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
333414c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
333514c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
333614c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
333714c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
333814c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
333914c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
334014c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
334114c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
334214c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
334314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
334414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
334514c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e74 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
334614c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658
334714c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658
334814c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F8E343330044956DDDBAE4D620067DAE1981E5C4
334914c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
335014c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
335114c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
335214c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
335314c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
335414c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
335514c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
335614c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
335714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
335814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
335914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
336014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
336114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
336214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
336314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
336414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
336514c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
336614c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
336714c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
336814c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
336914c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
337014c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
337114c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
337214c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
337314c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
337414c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
337514c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (Input=dsound.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
337614c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
337714c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
337814c.14ac: supR3HardenedDllNotificationCallback: load 6d510000 LB 0x00070000 C:\Windows\system32\dsound.dll [fFlags=0x0]
337914c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
338014c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
338114c.14ac: supR3HardenedDllNotificationCallback: load 74b50000 LB 0x0001a000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
338214c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
338314c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
338414c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea2f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
338514c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll'
338614c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll'
338714c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
338814c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
338914c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll'
339014c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339114c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339214c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339314c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339414c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
339514c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
339614c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339714c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339814c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
339914c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
340014c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
340114c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll'
340214c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
340314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
340414c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
340514c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
340614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
340714c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
340814c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
340914c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341014c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341114c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341214c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341314c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341414c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341514c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'
341614c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy