VirtualBox

Ticket #20182: VBoxHardening_win7_vb_5.0.32.log

File VBoxHardening_win7_vb_5.0.32.log, 289.8 KB (added by JayK, 4 years ago)

VBoxHardening file from successful launch of vxworks 6.8 in virtualbox 5.0.32

Line 
17c4.4f0: Log file opened: 5.0.32r112930 g_hStartupLog=00000010 g_uNtVerCombined=0x611db110
27c4.4f0: \SystemRoot\System32\ntdll.dll:
37c4.4f0: CreationTime: 2015-11-25T03:56:08.766844500Z
47c4.4f0: LastWriteTime: 2015-10-20T00:48:47.299796500Z
57c4.4f0: ChangeTime: 2015-11-25T14:23:06.915189800Z
67c4.4f0: FileAttributes: 0x20
77c4.4f0: Size: 0x13f600
87c4.4f0: NT Headers: 0xd0
97c4.4f0: Timestamp: 0x56258dbb
107c4.4f0: Machine: 0x14c - i386
117c4.4f0: Timestamp: 0x56258dbb
127c4.4f0: Image Version: 6.1
137c4.4f0: SizeOfImage: 0x141000 (1314816)
147c4.4f0: Resource Dir: 0xe1000 LB 0x5a028
157c4.4f0: ProductName: Microsoft® Windows® Operating System
167c4.4f0: ProductVersion: 6.1.7601.19045
177c4.4f0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
187c4.4f0: FileDescription: NT Layer DLL
197c4.4f0: \SystemRoot\System32\kernel32.dll:
207c4.4f0: CreationTime: 2015-11-25T03:47:39.091233200Z
217c4.4f0: LastWriteTime: 2015-05-09T03:13:42.222000000Z
227c4.4f0: ChangeTime: 2015-11-25T14:22:41.419358400Z
237c4.4f0: FileAttributes: 0x20
247c4.4f0: Size: 0xd4000
257c4.4f0: NT Headers: 0xf0
267c4.4f0: Timestamp: 0x554d7aff
277c4.4f0: Machine: 0x14c - i386
287c4.4f0: Timestamp: 0x554d7aff
297c4.4f0: Image Version: 6.1
307c4.4f0: SizeOfImage: 0xd4000 (868352)
317c4.4f0: Resource Dir: 0xc7000 LB 0x528
327c4.4f0: ProductName: Microsoft® Windows® Operating System
337c4.4f0: ProductVersion: 6.1.7601.18847
347c4.4f0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
357c4.4f0: FileDescription: Windows NT BASE API Client DLL
367c4.4f0: \SystemRoot\System32\KernelBase.dll:
377c4.4f0: CreationTime: 2015-11-25T03:47:38.995193500Z
387c4.4f0: LastWriteTime: 2015-05-09T03:13:42.222000000Z
397c4.4f0: ChangeTime: 2015-11-25T14:22:41.523968400Z
407c4.4f0: FileAttributes: 0x20
417c4.4f0: Size: 0x47a00
427c4.4f0: NT Headers: 0xe0
437c4.4f0: Timestamp: 0x554d7b00
447c4.4f0: Machine: 0x14c - i386
457c4.4f0: Timestamp: 0x554d7b00
467c4.4f0: Image Version: 6.1
477c4.4f0: SizeOfImage: 0x4b000 (307200)
487c4.4f0: Resource Dir: 0x47000 LB 0x530
497c4.4f0: ProductName: Microsoft® Windows® Operating System
507c4.4f0: ProductVersion: 6.1.7601.18847
517c4.4f0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
527c4.4f0: FileDescription: Windows NT BASE API Client DLL
537c4.4f0: \SystemRoot\System32\apisetschema.dll:
547c4.4f0: CreationTime: 2015-11-25T03:56:08.127808000Z
557c4.4f0: LastWriteTime: 2015-10-20T00:35:03.776000000Z
567c4.4f0: ChangeTime: 2015-11-25T14:23:06.911047000Z
577c4.4f0: FileAttributes: 0x20
587c4.4f0: Size: 0x1a00
597c4.4f0: NT Headers: 0xc0
607c4.4f0: Timestamp: 0x56258c72
617c4.4f0: Machine: 0x14c - i386
627c4.4f0: Timestamp: 0x56258c72
637c4.4f0: Image Version: 6.1
647c4.4f0: SizeOfImage: 0x50000 (327680)
657c4.4f0: Resource Dir: 0x30000 LB 0x3f8
667c4.4f0: ProductName: Microsoft® Windows® Operating System
677c4.4f0: ProductVersion: 6.1.7601.19045
687c4.4f0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
697c4.4f0: FileDescription: ApiSet Schema DLL
707c4.4f0: supR3HardenedWinFindAdversaries: 0x0
717c4.4f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
727c4.4f0: Calling main()
737c4.4f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
747c4.4f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
757c4.4f0: SUPR3HardenedMain: Respawn #1
767c4.4f0: System32: \Device\HarddiskVolume2\Windows\System32
777c4.4f0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
787c4.4f0: KnownDllPath: C:\Windows\system32
797c4.4f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
807c4.4f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
817c4.4f0: supR3HardNtEnableThreadCreation:
827c4.4f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0
837c4.4f0: supR3HardenedWinDoReSpawn(1): New child 7dc.934 [kernel32].
847c4.4f0: supR3HardNtChildGatherData: PebBaseAddress=7ffda000 cbPeb=0x248
857c4.4f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77510000 uNtDllChildAddr=77510000
867c4.4f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=77573911
877c4.4f0: supR3HardenedWinSetupChildInit: Start child.
887c4.4f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
897c4.4f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
907c4.4f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
917c4.4f0: *00000000-fffeffff 0x0001/0x0000 0x0000000
927c4.4f0: *00010000-fffeffff 0x0004/0x0004 0x0020000
937c4.4f0: *00030000-0002bfff 0x0002/0x0002 0x0040000
947c4.4f0: 00034000-00027fff 0x0001/0x0000 0x0000000
957c4.4f0: *00040000-0003efff 0x0004/0x0004 0x0020000
967c4.4f0: 00041000-00021fff 0x0001/0x0000 0x0000000
977c4.4f0: *00060000-fff62fff 0x0000/0x0004 0x0020000
987c4.4f0: 0015d000-0015bfff 0x0104/0x0004 0x0020000
997c4.4f0: 0015e000-0015bfff 0x0004/0x0004 0x0020000
1007c4.4f0: 00160000-ff81ffff 0x0001/0x0000 0x0000000
1017c4.4f0: *00aa0000-00aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1027c4.4f0: 00aa1000-00b05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1037c4.4f0: 00b06000-00b06fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1047c4.4f0: 00b07000-00b40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1057c4.4f0: 00b41000-00b41fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1067c4.4f0: 00b42000-00b42fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1077c4.4f0: 00b43000-00b43fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1087c4.4f0: 00b44000-00b44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1097c4.4f0: 00b45000-00b49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1107c4.4f0: 00b4a000-00b4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1117c4.4f0: 00b4d000-00b90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1127c4.4f0: 00b91000-8a211fff 0x0001/0x0000 0x0000000
1137c4.4f0: *77510000-77510fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1147c4.4f0: 77511000-775e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1157c4.4f0: 775e8000-775edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1167c4.4f0: 775ee000-775eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1177c4.4f0: 775ef000-775f0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1187c4.4f0: 775f1000-77650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1197c4.4f0: 77651000-77531fff 0x0001/0x0000 0x0000000
1207c4.4f0: *77770000-77770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1217c4.4f0: 77771000-6ef31fff 0x0001/0x0000 0x0000000
1227c4.4f0: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
1237c4.4f0: 7ffd3000-7ffcbfff 0x0001/0x0000 0x0000000
1247c4.4f0: *7ffda000-7ffd8fff 0x0004/0x0004 0x0020000
1257c4.4f0: 7ffdb000-7ffd6fff 0x0001/0x0000 0x0000000
1267c4.4f0: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
1277c4.4f0: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
1287c4.4f0: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
1297c4.4f0: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS)
1307c4.4f0: VirtualBox.exe: timestamp 0x587d2ace (rc=VINF_SUCCESS)
1317c4.4f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1327c4.4f0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1337c4.4f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1347c4.4f0: supR3HardNtChildPurify: Done after 296 ms and 0 fixes (loop #0).
1357c4.4f0: supR3HardNtEnableThreadCreation:
1367dc.934: Log file opened: 5.0.32r112930 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
1377dc.934: supR3HardenedVmProcessInit: uNtDllAddr=77510000 g_uNtVerCombined=0x611db100
1387dc.934: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS)
1397dc.934: New simple heap: #1 00260000 LB 0x400000 (for 1314816 allocation)
1407dc.934: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1417dc.934: System32: \Device\HarddiskVolume2\Windows\System32
1427dc.934: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1437dc.934: KnownDllPath: C:\Windows\system32
1447dc.934: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1457dc.934: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1467dc.934: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1477dc.934: Registered Dll notification callback with NTDLL.
1487dc.934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1497dc.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1507dc.934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
1517dc.934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1527dc.934: supR3HardenedDllNotificationCallback: load 758e0000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1537dc.934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1547dc.934: supR3HardenedDllNotificationCallback: load 75510000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1557dc.934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1567dc.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1577dc.934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll'
1587dc.934: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0
1597dc.934: \SystemRoot\System32\ntdll.dll:
1607c4.4f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 312 ms.
1617dc.934: CreationTime: 2015-11-25T03:56:08.766844500Z
1627dc.934: LastWriteTime: 2015-10-20T00:48:47.299796500Z
1637dc.934: ChangeTime: 2015-11-25T14:23:06.915189800Z
1647dc.934: FileAttributes: 0x20
1657dc.934: Size: 0x13f600
1667dc.934: NT Headers: 0xd0
1677dc.934: Timestamp: 0x56258dbb
1687dc.934: Machine: 0x14c - i386
1697dc.934: Timestamp: 0x56258dbb
1707dc.934: Image Version: 6.1
1717dc.934: SizeOfImage: 0x141000 (1314816)
1727dc.934: Resource Dir: 0xe1000 LB 0x5a028
1737dc.934: ProductName: Microsoft® Windows® Operating System
1747dc.934: ProductVersion: 6.1.7601.19045
1757dc.934: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
1767dc.934: FileDescription: NT Layer DLL
1777dc.934: \SystemRoot\System32\kernel32.dll:
1787dc.934: CreationTime: 2015-11-25T03:47:39.091233200Z
1797dc.934: LastWriteTime: 2015-05-09T03:13:42.222000000Z
1807dc.934: ChangeTime: 2015-11-25T14:22:41.419358400Z
1817dc.934: FileAttributes: 0x20
1827dc.934: Size: 0xd4000
1837dc.934: NT Headers: 0xf0
1847dc.934: Timestamp: 0x554d7aff
1857dc.934: Machine: 0x14c - i386
1867dc.934: Timestamp: 0x554d7aff
1877dc.934: Image Version: 6.1
1887dc.934: SizeOfImage: 0xd4000 (868352)
1897dc.934: Resource Dir: 0xc7000 LB 0x528
1907dc.934: ProductName: Microsoft® Windows® Operating System
1917dc.934: ProductVersion: 6.1.7601.18847
1927dc.934: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
1937dc.934: FileDescription: Windows NT BASE API Client DLL
1947dc.934: \SystemRoot\System32\KernelBase.dll:
1957dc.934: CreationTime: 2015-11-25T03:47:38.995193500Z
1967dc.934: LastWriteTime: 2015-05-09T03:13:42.222000000Z
1977dc.934: ChangeTime: 2015-11-25T14:22:41.523968400Z
1987dc.934: FileAttributes: 0x20
1997dc.934: Size: 0x47a00
2007dc.934: NT Headers: 0xe0
2017dc.934: Timestamp: 0x554d7b00
2027dc.934: Machine: 0x14c - i386
2037dc.934: Timestamp: 0x554d7b00
2047dc.934: Image Version: 6.1
2057dc.934: SizeOfImage: 0x4b000 (307200)
2067dc.934: Resource Dir: 0x47000 LB 0x530
2077dc.934: ProductName: Microsoft® Windows® Operating System
2087dc.934: ProductVersion: 6.1.7601.18847
2097dc.934: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
2107dc.934: FileDescription: Windows NT BASE API Client DLL
2117dc.934: \SystemRoot\System32\apisetschema.dll:
2127dc.934: CreationTime: 2015-11-25T03:56:08.127808000Z
2137dc.934: LastWriteTime: 2015-10-20T00:35:03.776000000Z
2147dc.934: ChangeTime: 2015-11-25T14:23:06.911047000Z
2157dc.934: FileAttributes: 0x20
2167dc.934: Size: 0x1a00
2177dc.934: NT Headers: 0xc0
2187dc.934: Timestamp: 0x56258c72
2197dc.934: Machine: 0x14c - i386
2207dc.934: Timestamp: 0x56258c72
2217dc.934: Image Version: 6.1
2227dc.934: SizeOfImage: 0x50000 (327680)
2237dc.934: Resource Dir: 0x30000 LB 0x3f8
2247dc.934: ProductName: Microsoft® Windows® Operating System
2257dc.934: ProductVersion: 6.1.7601.19045
2267dc.934: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
2277dc.934: FileDescription: ApiSet Schema DLL
2287dc.934: supR3HardenedWinFindAdversaries: 0x0
2297dc.934: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2307dc.934: Calling main()
2317dc.934: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2327dc.934: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2337dc.934: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2347dc.934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2357dc.934: SUPR3HardenedMain: Respawn #2
2367dc.934: supR3HardNtEnableThreadCreation:
2377dc.934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2387dc.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2397dc.934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
2407dc.934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2417dc.934: supR3HardenedDllNotificationCallback: load 75380000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2427dc.934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2437dc.934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75380000 'C:\Windows\system32\apphelp.dll'
2447dc.934: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0
2457dc.934: supR3HardenedWinDoReSpawn(2): New child cdc.ce0 [kernel32].
2467dc.934: supR3HardNtChildGatherData: PebBaseAddress=7ffd9000 cbPeb=0x248
2477dc.934: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77510000 uNtDllChildAddr=77510000
2487dc.934: supR3HardenedWinSetupChildInit: uLdrInitThunk=77573911
2497dc.934: supR3HardenedWinSetupChildInit: Start child.
2507dc.934: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2517dc.934: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
2527dc.934: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2537dc.934: *00000000-fffeffff 0x0001/0x0000 0x0000000
2547dc.934: *00010000-fffeffff 0x0004/0x0004 0x0020000
2557dc.934: *00030000-0002bfff 0x0002/0x0002 0x0040000
2567dc.934: 00034000-00027fff 0x0001/0x0000 0x0000000
2577dc.934: *00040000-0003efff 0x0004/0x0004 0x0020000
2587dc.934: 00041000-ffee1fff 0x0001/0x0000 0x0000000
2597dc.934: *001a0000-000a2fff 0x0000/0x0004 0x0020000
2607dc.934: 0029d000-0029bfff 0x0104/0x0004 0x0020000
2617dc.934: 0029e000-0029bfff 0x0004/0x0004 0x0020000
2627dc.934: 002a0000-ffa9ffff 0x0001/0x0000 0x0000000
2637dc.934: *00aa0000-00aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2647dc.934: 00aa1000-00b05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2657dc.934: 00b06000-00b06fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2667dc.934: 00b07000-00b40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2677dc.934: 00b41000-00b41fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2687dc.934: 00b42000-00b42fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2697dc.934: 00b43000-00b43fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2707dc.934: 00b44000-00b44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2717dc.934: 00b45000-00b49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2727dc.934: 00b4a000-00b4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2737dc.934: 00b4d000-00b90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2747dc.934: 00b91000-8a211fff 0x0001/0x0000 0x0000000
2757dc.934: *77510000-77510fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2767dc.934: 77511000-775e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2777dc.934: 775e8000-775edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2787dc.934: 775ee000-775eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2797dc.934: 775ef000-775f0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2807dc.934: 775f1000-77650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2817dc.934: 77651000-77531fff 0x0001/0x0000 0x0000000
2827dc.934: *77770000-77770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2837dc.934: 77771000-6ef31fff 0x0001/0x0000 0x0000000
2847dc.934: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
2857dc.934: 7ffd3000-7ffccfff 0x0001/0x0000 0x0000000
2867dc.934: *7ffd9000-7ffd7fff 0x0004/0x0004 0x0020000
2877dc.934: 7ffda000-7ffd4fff 0x0001/0x0000 0x0000000
2887dc.934: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
2897dc.934: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
2907dc.934: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
2917dc.934: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS)
2927dc.934: VirtualBox.exe: timestamp 0x587d2ace (rc=VINF_SUCCESS)
2937dc.934: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2947dc.934: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2957dc.934: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2967dc.934: supR3HardNtChildPurify: Done after 296 ms and 0 fixes (loop #0).
2977dc.934: supR3HardenedEarlyCompact: Removed heap 1 (0x260000 LB 0x400000)
298cdc.ce0: Log file opened: 5.0.32r112930 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
299cdc.ce0: supR3HardenedVmProcessInit: uNtDllAddr=77510000 g_uNtVerCombined=0x611db100
3007dc.934: supR3HardNtEnableThreadCreation:
301cdc.ce0: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS)
302cdc.ce0: New simple heap: #1 002a0000 LB 0x400000 (for 1314816 allocation)
303cdc.ce0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
304cdc.ce0: System32: \Device\HarddiskVolume2\Windows\System32
305cdc.ce0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
306cdc.ce0: KnownDllPath: C:\Windows\system32
307cdc.ce0: supR3HardenedVmProcessInit: Opening vboxdrv...
308cdc.ce0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
309cdc.ce0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
310cdc.ce0: Registered Dll notification callback with NTDLL.
311cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
312cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
313cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
314cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
315cdc.ce0: supR3HardenedDllNotificationCallback: load 758e0000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
316cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
317cdc.ce0: supR3HardenedDllNotificationCallback: load 75510000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
318cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
319cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
320cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll'
321cdc.ce0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0
322cdc.ce0: \SystemRoot\System32\ntdll.dll:
323cdc.ce0: CreationTime: 2015-11-25T03:56:08.766844500Z
324cdc.ce0: LastWriteTime: 2015-10-20T00:48:47.299796500Z
325cdc.ce0: ChangeTime: 2015-11-25T14:23:06.915189800Z
326cdc.ce0: FileAttributes: 0x20
327cdc.ce0: Size: 0x13f600
3287dc.934: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
329cdc.ce0: NT Headers: 0xd0
330cdc.ce0: Timestamp: 0x56258dbb
331cdc.ce0: Machine: 0x14c - i386
332cdc.ce0: Timestamp: 0x56258dbb
333cdc.ce0: Image Version: 6.1
334cdc.ce0: SizeOfImage: 0x141000 (1314816)
335cdc.ce0: Resource Dir: 0xe1000 LB 0x5a028
336cdc.ce0: ProductName: Microsoft® Windows® Operating System
337cdc.ce0: ProductVersion: 6.1.7601.19045
338cdc.ce0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
339cdc.ce0: FileDescription: NT Layer DLL
340cdc.ce0: \SystemRoot\System32\kernel32.dll:
341cdc.ce0: CreationTime: 2015-11-25T03:47:39.091233200Z
342cdc.ce0: LastWriteTime: 2015-05-09T03:13:42.222000000Z
343cdc.ce0: ChangeTime: 2015-11-25T14:22:41.419358400Z
344cdc.ce0: FileAttributes: 0x20
345cdc.ce0: Size: 0xd4000
346cdc.ce0: NT Headers: 0xf0
347cdc.ce0: Timestamp: 0x554d7aff
348cdc.ce0: Machine: 0x14c - i386
349cdc.ce0: Timestamp: 0x554d7aff
350cdc.ce0: Image Version: 6.1
351cdc.ce0: SizeOfImage: 0xd4000 (868352)
352cdc.ce0: Resource Dir: 0xc7000 LB 0x528
353cdc.ce0: ProductName: Microsoft® Windows® Operating System
354cdc.ce0: ProductVersion: 6.1.7601.18847
355cdc.ce0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
356cdc.ce0: FileDescription: Windows NT BASE API Client DLL
357cdc.ce0: \SystemRoot\System32\KernelBase.dll:
358cdc.ce0: CreationTime: 2015-11-25T03:47:38.995193500Z
359cdc.ce0: LastWriteTime: 2015-05-09T03:13:42.222000000Z
360cdc.ce0: ChangeTime: 2015-11-25T14:22:41.523968400Z
361cdc.ce0: FileAttributes: 0x20
362cdc.ce0: Size: 0x47a00
363cdc.ce0: NT Headers: 0xe0
364cdc.ce0: Timestamp: 0x554d7b00
365cdc.ce0: Machine: 0x14c - i386
366cdc.ce0: Timestamp: 0x554d7b00
367cdc.ce0: Image Version: 6.1
368cdc.ce0: SizeOfImage: 0x4b000 (307200)
369cdc.ce0: Resource Dir: 0x47000 LB 0x530
370cdc.ce0: ProductName: Microsoft® Windows® Operating System
371cdc.ce0: ProductVersion: 6.1.7601.18847
372cdc.ce0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
373cdc.ce0: FileDescription: Windows NT BASE API Client DLL
374cdc.ce0: \SystemRoot\System32\apisetschema.dll:
375cdc.ce0: CreationTime: 2015-11-25T03:56:08.127808000Z
376cdc.ce0: LastWriteTime: 2015-10-20T00:35:03.776000000Z
377cdc.ce0: ChangeTime: 2015-11-25T14:23:06.911047000Z
378cdc.ce0: FileAttributes: 0x20
379cdc.ce0: Size: 0x1a00
380cdc.ce0: NT Headers: 0xc0
381cdc.ce0: Timestamp: 0x56258c72
382cdc.ce0: Machine: 0x14c - i386
383cdc.ce0: Timestamp: 0x56258c72
384cdc.ce0: Image Version: 6.1
385cdc.ce0: SizeOfImage: 0x50000 (327680)
386cdc.ce0: Resource Dir: 0x30000 LB 0x3f8
387cdc.ce0: ProductName: Microsoft® Windows® Operating System
388cdc.ce0: ProductVersion: 6.1.7601.19045
389cdc.ce0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
390cdc.ce0: FileDescription: ApiSet Schema DLL
391cdc.ce0: supR3HardenedWinFindAdversaries: 0x0
392cdc.ce0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
393cdc.ce0: Calling main()
394cdc.ce0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
395cdc.ce0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
396cdc.ce0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
397cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
398cdc.ce0: SUPR3HardenedMain: Final process, opening VBoxDrv...
399cdc.ce0: supR3HardenedEarlyCompact: Removed heap 1 (0x2a0000 LB 0x400000)
400cdc.ce0: supR3HardNtEnableThreadCreation:
401cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
402cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
403cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e2cbc:C:\Windows\system32 [calling]
404cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
405cdc.ce0: supR3HardenedDllNotificationCallback: load 6bd10000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
406cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
407cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
408cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
409cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bd10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
410cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
411cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
412cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bd10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
413cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bd10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
414cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
415cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
416cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
417cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
418cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
419cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
420cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
421cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
422cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
423cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
424cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
425cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
426cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
427cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
428cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
429cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
430cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
431cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
432cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
433cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
434cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
435cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
436cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
437cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
438cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
439cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
440cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
441cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
442cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
443cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
444cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e2cbc:C:\Windows\system32 [calling]
445cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
446cdc.ce0: supR3HardenedDllNotificationCallback: load 75560000 LB 0x0002f000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
447cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
448cdc.ce0: supR3HardenedDllNotificationCallback: load 76d40000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
449cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
450cdc.ce0: supR3HardenedDllNotificationCallback: load 755b0000 LB 0x00121000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
451cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
452cdc.ce0: supR3HardenedDllNotificationCallback: load 754e0000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
453cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
454cdc.ce0: supR3HardenedDllNotificationCallback: load 76e00000 LB 0x000a2000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
455cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
456cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\Wintrust.dll'
457cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
458cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
459cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e2cbc:C:\Windows\system32 [calling]
460cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
461cdc.ce0: supR3HardenedDllNotificationCallback: load 75000000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
462cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
463cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\bcrypt.dll'
464cdc.ce0: bcrypt.dll loaded at 75000000, BCryptOpenAlgorithmProvider at 75002cda, preloading providers:
465cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
466cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
467cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
468cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
469cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
470cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
471cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
472cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
473cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
474cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
475cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
476cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
477cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
478cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
479cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
480cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
481cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
482cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
483cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
484cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
485cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
486cdc.ce0: supR3HardenedDllNotificationCallback: load 74bd0000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
487cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
488cdc.ce0: supR3HardenedDllNotificationCallback: load 77170000 LB 0x000a1000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
489cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
490cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
491cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
492cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
493cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
494cdc.ce0: supR3HardenedDllNotificationCallback: load 77660000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
495cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
496cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74bd0000 'C:\Windows\system32\bcryptprimitives.dll'
497cdc.ce0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=008009b0)
498cdc.ce0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=008010c0)
499cdc.ce0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00801e18)
500cdc.ce0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00800908)
501cdc.ce0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00801f68)
502cdc.ce0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00802008)
503cdc.ce0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00801eb8)
504cdc.ce0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00802178)
505cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
506cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
507cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
508cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
509cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
510cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
511cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
512cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
513cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
514cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
515cdc.ce0: supR3HardenedDllNotificationCallback: load 74ef0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
516cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
517cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ef0000 'C:\Windows\system32\CRYPTSP.dll'
518cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
519cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
520cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
521cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
522cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
523cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
524cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
525cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
526cdc.ce0: supR3HardenedDllNotificationCallback: load 74c90000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
527cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
528cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74c90000 'C:\Windows\system32\rsaenh.dll'
529cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
530cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
531cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll'
532cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
533cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
534cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
535cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
536cdc.ce0: supR3HardenedDllNotificationCallback: load 75400000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
537cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
538cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75400000 'C:\Windows\system32\CRYPTBASE.dll'
539cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
540cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
541cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll'
542cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
543cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
544cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\WINTRUST.DLL'
545cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
546cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
547cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=755b0000 'C:\Windows\system32\CRYPT32.dll'
548cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
549cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'advapi32.dll'.
550cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
551cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
552cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
553cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
554cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
555cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
556cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
557cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
558cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
559cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
560cdc.ce0: supR3HardenedDllNotificationCallback: load 76d10000 LB 0x0002b000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
561cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
562cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76d10000 'C:\Windows\system32\imagehlp.dll'
563cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
564cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
565cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ef0000 'C:\Windows\system32\CRYPTSP.dll'
566cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
567cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
568cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
569cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
570cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
571cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
572cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
573cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
574cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
575cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
576cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
577cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
578cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
579cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
580cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
581cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
582cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
583cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
584cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
585cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
586cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
587cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
588cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
589cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
590cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
591cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
592cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
593cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
594cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
595cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
596cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
597cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
598cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
599cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
600cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
601cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
602cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
603cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
604cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
605cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
606cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
607cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
608cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
609cdc.ce0: supR3HardenedDllNotificationCallback: load 77680000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0]
610cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
611cdc.ce0: supR3HardenedDllNotificationCallback: load 77420000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
612cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
613cdc.ce0: supR3HardenedDllNotificationCallback: load 75ed0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0]
614cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
615cdc.ce0: supR3HardenedDllNotificationCallback: load 77470000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0]
616cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
617cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
618cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
619cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77420000 'C:\Windows\system32\gdi32.dll'
620cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
621cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
622cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
623cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
624cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
625cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
626cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
627cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
628cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
629cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
630cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
631cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
632cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
633cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
634cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
635cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
636cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
637cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
638cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
639cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
640cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
641cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
642cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
643cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
644cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
645cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
646cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
647cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
648cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
649cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
650cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
651cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
652cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
653cdc.ce0: supR3HardenedDllNotificationCallback: load 76040000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
654cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
655cdc.ce0: supR3HardenedDllNotificationCallback: load 75810000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
656cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
657cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76040000 'C:\Windows\system32\IMM32.DLL'
658cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\USER32.dll'
659cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
660cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
661cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
662cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
663cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
664cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
665cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
666cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
667cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
668cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
669cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
670cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
671cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
672cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
673cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
674cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
675cdc.ce0: supR3HardenedDllNotificationCallback: load 75020000 LB 0x00039000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
676cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
677cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75020000 'C:\Windows\system32\ncrypt.dll'
678cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
679cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
680cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\bcrypt.dll'
681cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
682cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
683cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'.
684cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
685cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
686cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
687cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
688cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
689cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
690cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
691cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
692cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
693cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
694cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
695cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
696cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
697cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
698cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
699cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
700cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
701cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
702cdc.ce0: supR3HardenedDllNotificationCallback: load 75700000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
703cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
704cdc.ce0: supR3HardenedDllNotificationCallback: load 754f0000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0]
705cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
706cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75700000 'C:\Windows\system32\USERENV.dll'
707cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
708cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
709cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
710cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
711cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
712cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
713cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
714cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
715cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
716cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
717cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
718cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
719cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
720cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
721cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
722cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
723cdc.ce0: supR3HardenedDllNotificationCallback: load 74ad0000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
724cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
725cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ad0000 'C:\Windows\system32\GPAPI.dll'
726cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
727cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-Management-L1-1-0.dll'
728cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
729cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
730cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e00000 'C:\Windows\system32\rpcrt4.dll'
731cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
732cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-Management-L2-1-0.dll'
733cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
734cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
735cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
736cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
737cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
738cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
739cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
740cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
741cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
742cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
743cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
744cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
745cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
746cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
747cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
748cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
749cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
750cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
751cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
752cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
753cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
754cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
756cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
757cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
758cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
759cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
760cdc.ce0: supR3HardenedDllNotificationCallback: load 718b0000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
761cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
762cdc.ce0: supR3HardenedDllNotificationCallback: load 76070000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
763cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
764cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
766cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
767cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
769cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
770cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
772cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
773cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
775cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
776cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
777cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
778cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
779cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
781cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
782cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
783cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
784cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
786cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
787cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
788cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
789cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
790cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
792cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
793cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll'
795cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
796cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
797cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
798cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
799cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=754f0000 'C:\Windows\system32\profapi.dll'
800cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
801cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
802cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
803cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
804cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
805cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
806cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
807cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
808cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
809cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
810cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
811cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
812cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
813cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
814cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
815cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
816cdc.ce0: supR3HardenedDllNotificationCallback: load 77220000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
817cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
818cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77220000 'C:\Windows\system32\SHLWAPI.dll'
819cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll
820cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: New context 008b7ba0
821cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
822cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4DF452093FDAA7DA713F106AEAB7D31AAA8BD52
823cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
824cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
825cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
826cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-Management-L1-1-0.dll'
827cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
828cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
829cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
830cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
831cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll'
832cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
833cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
834cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
835cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
836cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
837cdc.ce0: g_pfnWinVerifyTrust=7556273a
838cdc.ce0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
839cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
840cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
841cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
842cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B3332A3BF9E00E9C36DC9749A20DEA999CEBDE77
843cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
844cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
845cdc.ce0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
846cdc.ce0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
847cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
848cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
849cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
850cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FD7D98679ED68B7C258E60C35F3BA425D140B9
851cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_39_for_KB3040272~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
852cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
853cdc.ce0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
854cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000378 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
855cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
856cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
857cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A
858cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
859cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
860cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
861cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000036c pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
862cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
863cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
864cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7
865cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
866cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
867cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
868cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000368 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
869cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
870cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
871cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D8B40354DD1B3F6FAF80893807AE138984C3EB
872cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_39_for_KB3040272~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
873cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
874cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
875cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000254 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
876cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
877cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
878cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B
879cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
880cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
881cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
882cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
883cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
884cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
885cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9A4C90615FC5B5674208A5401C018FEA2A04A4B
886cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
887cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
888cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
889cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
890cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
891cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
892cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276
893cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
894cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
895cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
896cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
897cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
898cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
899cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D56F0B10DF0BBC071EC3118E6BF4B9C85E433C99
900cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
901cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
902cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
903cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
904cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
905cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
906cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21CC868DE3508F5C6F6D348B324C1E8AB2969CC6
907cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3033889~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
908cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
909cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
910cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
911cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
912cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
913cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C
914cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
915cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
916cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
917cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
918cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
919cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
920cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43A12765C9BE008AD8F89DD9D8ADE42781F3CECF
921cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2957509~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
922cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
923cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
924cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
925cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
926cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
927cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B69BB5E518E30563D5F105F9F5A9A0774CF902E
928cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
929cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
930cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
931cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
932cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
933cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
934cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F22A2FC845420DBD44B017133D50DFF33EE6D03F
935cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3069392~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
936cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
937cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
938cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
939cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
940cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
941cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46D722AD9F66278A8EBC0D192855961CE6A21050
942cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
943cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
944cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
945cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
946cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
947cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
948cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59F877FD4F27652A01B1936874AFAF3A55572A8
949cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
950cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
951cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
952cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
953cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
954cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
955cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=685A12871B04F122C1C6F2AA1E429C19211FCD8F
956cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
957cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
958cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
959cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
960cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
961cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
962cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
963cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFE6B29BE955FB2D869F3B57909DF90693FBBCEB
964cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_57_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
965cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
966cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
967cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
968cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
969cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
970cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27AAFBF501C7D0BDB48FEA759DB4257783E5749A
971cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
972cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
973cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
974cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
975cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
976cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
977cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9B5837102D5550DADB15CDBE6874779C095378D
978cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3080149~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
979cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
980cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
981cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
982cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
983cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
984cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
985cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071
986cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
987cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
988cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
989cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
990cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
991cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
992cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50B466D5DDEDD2D1A524F20B8873F187B62AA69F
993cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2654428~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
994cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
995cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
996cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
997cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
998cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
999cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285
1000cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1001cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1002cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1003cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1004cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1005cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1006cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75EC13F04473FD191A7C44AD9A7C2B28A625D383
1007cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1008cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1009cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1010cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1011cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1012cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1013cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1014cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=992AF4E9EBEC265515EC875F6F2F14055D1D491D
1015cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1016cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1017cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1018cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1019cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1020cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1021cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=84623A9DB7C87F822F9F509ECBD6D4DC753E6405
1022cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1023cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1024cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1025cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1026cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082fe9c:C:\Windows\system32 [calling]
1027cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=755b0000 'C:\Windows\system32\crypt32.dll'
1028cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1029cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1030cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1031cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1032cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1033cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1034cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1035cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1036cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1037cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1038cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1039cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1040cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1041cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1042cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1043cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1044cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1045cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1046cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1047cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1048cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1049cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1050cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1051cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1052cdc.ce0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=24
1053cdc.ce0: SUPR3HardenedMain: Load Runtime...
1054cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1055cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1056cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1057cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1058cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1059cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1060cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1061cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1062cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1063cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1064cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1065cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1066cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1067cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1068cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364
1069cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1070cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1071cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1072cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1073cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'.
1074cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1075cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1076cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1077cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1078cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1079cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1080cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1081cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1082cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1083cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1084cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1085cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1086cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1087cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1088cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1089cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1090cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1091cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1092cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1093cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2
1094cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1095cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1096cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1097cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1098cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1099cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1100cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1101cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1102cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1103cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1104cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1105cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1106cdc.ce0: supR3HardenedDllNotificationCallback: load 6ada0000 LB 0x0040c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1107cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1108cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1109cdc.ce0: supR3HardenedDllNotificationCallback: load 6ace0000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1110cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1111cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1112cdc.ce0: supR3HardenedDllNotificationCallback: load 6ac70000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1113cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1114cdc.ce0: supR3HardenedDllNotificationCallback: load 759c0000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1115cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1116cdc.ce0: supR3HardenedDllNotificationCallback: load 76df0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1117cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1118cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1119cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1120cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1121cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1122cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1123cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1124cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1125cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1126cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1127cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1128cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1129cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1130cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1131cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1132cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1133cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1134cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1135cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1136cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1137cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1138cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1139cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1141cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1142cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1144cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1145cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1147cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1148cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1154cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1157cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1162cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling]
1163cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1168cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082fedc:C:\Windows\system32 [calling]
1169cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\Wintrust.dll'
1170cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1171cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082fedc:C:\Windows\system32 [calling]
1172cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=755b0000 'C:\Windows\system32\crypt32.dll'
1173cdc.ce0: SUPR3HardenedMain: Load TrustedMain...
1174cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1175cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1176cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1177cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1178cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1179cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtcorevbox4.dll'.
1180cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtguivbox4.dll'.
1181cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1182cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1183cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1184cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1185cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1186cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1187cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1188cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1189cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1190cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1191cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1192cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1193cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000478 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1194cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1195cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1196cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD
1197cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1198cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1199cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1200cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1201cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1202cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1203cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1204cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1205cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000458 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1206cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1207cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1208cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCE31FDB944BBD2B4E378704B95BEA36085E5ADA
1209cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3020338~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1210cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1211cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1212cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1213cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1214cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1215cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
1216cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1217cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1218cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1219cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1220cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1221cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1222cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1223cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAF1DA7C8C4B3B49A52A2B8999865DEDC4F50EC6
1224cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1225cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1226cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1227cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1228cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1229cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1230cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1231cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1232cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1233cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1234cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000494 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1235cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1236cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1237cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0E9506F317BDB184E9D79C726FEC46DD5C742F
1238cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3080446~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1239cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1240cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1241cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1242cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1243cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1244cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1245cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1246cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1247cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1248cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1249cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1250cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1251cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1252cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1253cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1254cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1255cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1256cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1257cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1258cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1259cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1260cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1261cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1262cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1263cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1264cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1265cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1266cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1267cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1268cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1269cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1270cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1271cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1272cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1273cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1274cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1275cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1276cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1277cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1278cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1279cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1280cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1281cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1282cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1283cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1284cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1285cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1286cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1287cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1288cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1289cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1290cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1291cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1292cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1293cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1294cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1295cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1296cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1297cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1298cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1299cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1300cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1301cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1302cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1303cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1304cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1305cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1306cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1307cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1308cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1309cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1310cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1311cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F
1312cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1313cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1314cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1315cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1316cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1317cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1318cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1319cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1320cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1321cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1322cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1323cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1324cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1325cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1326cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1327cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1328cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1329cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33
1330cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1331cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1332cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1333cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1334cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1335cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1336cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1337cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1338cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1339cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1340cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1341cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1342cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1343cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1344cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1345cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0
1346cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1347cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1348cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1349cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1350cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1351cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1352cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1353cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1354cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1355cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1356cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1357cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1358cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1359cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1360cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1361cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1362cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1363cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1364cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1365cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1366cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1367cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
1368cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1369cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1370cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1371cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1372cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1373cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1374cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1375cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1376cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1377cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1378cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1379cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1380cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1381cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1382cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1383cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1384cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1385cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1386cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1387cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1388cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1389cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1390cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1391cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1392cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1393cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1394cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1395cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1396cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1397cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1398cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1399cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1400cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1401cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1402cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1403cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1404cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1405cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1406cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1407cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1408cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1409cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1410cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1411cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1412cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1413cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222
1414cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1415cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1416cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1417cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1418cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1419cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1420cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1421cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1422cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1423cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1424cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1425cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1426cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1427cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1428cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1429cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1430cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1431cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1432cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000047c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1433cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1434cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1435cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614
1436cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1437cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1438cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1439cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1440cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1441cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1442cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1443cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1444cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1445cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1446cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1447cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1448cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1449cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1450cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1451cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1452cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1453cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1454cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1455cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1456cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1457cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1458cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1459cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1460cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1461cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1462cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1463cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1464cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1465cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1466cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1467cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1468cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1469cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1470cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1471cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1472cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1473cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1474cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1475cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1476cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1477cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1478cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1479cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1480cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1481cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1482cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1483cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1484cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1485cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1486cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1487cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1488cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1489cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1490cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1491cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1492cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1493cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1494cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1495cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1496cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1497cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1498cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1499cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1500cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1501cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1502cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000498 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1503cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1504cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1505cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D
1506cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1507cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1508cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1509cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1510cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1511cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1512cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1513cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1514cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1515cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1516cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1517cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1518cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1519cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1520cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1521cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1522cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1523cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1524cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1525cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1526cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1527cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1528cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1529cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1530cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1531cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1532cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1533cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1534cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1535cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1536cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1537cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1538cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1539cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1540cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1541cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1542cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1543cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1544cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1545cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1546cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1547cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1548cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=16BBD8EF93DEB2283AA2548BAF76579D798DC50D
1549cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3078667~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1550cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1551cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1552cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1553cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1554cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1555cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1556cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1557cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1558cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1559cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1560cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1561cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41
1562cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1563cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1564cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1565cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1566cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1567cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1568cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1569cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1570cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1571cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1572cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1573cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1574cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1575cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1576cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1577cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1578cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1579cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1580cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0121BFD26E8D5A165F8B76EDF84833D970DB8D96
1581cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1582cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1583cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1584cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1585cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1586cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1587cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1588cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1589cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1590cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1591cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1592cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1593cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1594cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1595cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1596cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1597cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1598cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1599cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1600cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1601cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1602cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1603cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A
1604cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1605cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1606cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1607cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'.
1608cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1609cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1610cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1611cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1612cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1613cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1614cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1615cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1616cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1617cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1618cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1619cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1620cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1621cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1622cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1623cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1624cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1625cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1626cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1
1627cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1628cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1629cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1630cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1631cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1632cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1633cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1634cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1635cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1636cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1637cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1638cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1639cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1640cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1641cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1642cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1643cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1644cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1645cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1646cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1647cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1648cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1649cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1650cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1651cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1652cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1653cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1654cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1655cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1656cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1657cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1658cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1659cdc.ce0: supR3HardenedDllNotificationCallback: load 69ac0000 LB 0x00817000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1660cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1661cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1662cdc.ce0: supR3HardenedDllNotificationCallback: load 6aba0000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1663cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1664cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1665cdc.ce0: supR3HardenedDllNotificationCallback: load 6bce0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1666cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1667cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1668cdc.ce0: supR3HardenedDllNotificationCallback: load 6aab0000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1669cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1670cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1671cdc.ce0: supR3HardenedDllNotificationCallback: load 6bcd0000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1672cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1673cdc.ce0: supR3HardenedDllNotificationCallback: load 77280000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1674cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1675cdc.ce0: supR3HardenedDllNotificationCallback: load 75720000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1676cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1677cdc.ce0: supR3HardenedDllNotificationCallback: load 75a00000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1678cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1679cdc.ce0: supR3HardenedDllNotificationCallback: load 75ee0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1680cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1681cdc.ce0: supR3HardenedDllNotificationCallback: load 75750000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1682cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1683cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1684cdc.ce0: supR3HardenedDllNotificationCallback: load 738c0000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1685cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1686cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1687cdc.ce0: supR3HardenedDllNotificationCallback: load 6a890000 LB 0x00218000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0]
1688cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1689cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1690cdc.ce0: supR3HardenedDllNotificationCallback: load 6bcc0000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
1691cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1692cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1693cdc.ce0: supR3HardenedDllNotificationCallback: load 6a610000 LB 0x00274000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1694cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1695cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1696cdc.ce0: supR3HardenedDllNotificationCallback: load 692b0000 LB 0x00810000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1697cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1698cdc.ce0: supR3HardenedDllNotificationCallback: load 770f0000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1699cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1700cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1701cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1702cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1703cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll)
1704cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
1705cdc.ce0: supR3HardenedDllNotificationCallback: load 69220000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll [fFlags=0x0]
1706cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [avoiding WinVerifyTrust]
1707cdc.ce0: supR3HardenedDllNotificationCallback: load 760c0000 LB 0x00c4b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1708cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1709cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1710cdc.ce0: supR3HardenedDllNotificationCallback: load 70bc0000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1711cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1712cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1713cdc.ce0: supR3HardenedDllNotificationCallback: load 71260000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1714cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1715cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1716cdc.ce0: supR3HardenedDllNotificationCallback: load 69150000 LB 0x000c1000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1717cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1718cdc.ce0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'.
1719cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [rescheduled]
1720cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1721cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1722cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1723cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1724cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1725cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1726cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1727cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008229bc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1728cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76040000 'C:\Windows\system32\imm32.dll'
1729cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69ac0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1730cdc.ce0: SUPR3HardenedMain: Calling TrustedMain (69ac1040)...
1731cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1732cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1733cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70bc0000 'C:\Windows\system32\winmm.dll'
1734cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000058c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1735cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1736cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1737cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD
1738cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1739cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1740cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1741cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1742cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1743cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1744cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1745cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1746cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1747cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1748cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1749cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1750cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1751cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1752cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1753cdc.ce0: supR3HardenedDllNotificationCallback: load 73e90000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1754cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1755cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1756cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1757cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1758cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1759cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1760cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1761cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1762cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1763cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1764cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1765cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1766cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1767cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=738c0000 'C:\Windows\system32\dwmapi.dll'
1768cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1769cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1770cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75400000 'C:\Windows\system32\CRYPTBASE.dll'
1771cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1772cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1773cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll'
1774cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1775cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1776cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll'
1777cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1778cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1779cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1780cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1781cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1782cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1783cdc.ce0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1784cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1785cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1786cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll'
1787cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1788cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1789cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll'
1790cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll'
1791cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\advapi32.dll'
1792cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1793cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1794cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75700000 'C:\Windows\system32\userenv.dll'
1795cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1796cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1797cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll'
1798cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005ec pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1799cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1800cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1801cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E
1802cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1803cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1804cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1805cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1806cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1807cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1808cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1809cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1810cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
1811cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1812cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1813cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1814cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1815cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1816cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1817cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1818cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1819cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1820cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1821cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1822cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1823cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1824cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1825cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1826cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1827cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1828cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1829cdc.ce0: supR3HardenedDllNotificationCallback: load 75be0000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1830cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1831cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75be0000 'C:\Windows\system32\CLBCatQ.DLL'
1832cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll'
1833cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1834cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822934:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1835cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ef0000 'C:\Windows\system32\CRYPTSP.dll'
1836cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000614 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1837cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1838cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1839cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA
1840cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1841cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1842cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
1843cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
1844cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1845cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1846cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1847cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082213c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1848cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1849cdc.ce0: supR3HardenedDllNotificationCallback: load 75470000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1850cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1851cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\RpcRtRemote.dll'
1852cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1853cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1854cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1855cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
1856cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1857cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1858cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1859cdc.680: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1860cdc.680: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1861cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1862cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1863cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1864cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1865cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1866cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1867cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1868cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1869cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1870cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1871cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1872cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1873cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1874cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1875cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1876cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1877cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1878cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1879cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1880cdc.680: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0084e2e4:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1881cdc.680: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1882cdc.680: supR3HardenedDllNotificationCallback: load 68cf0000 LB 0x00453000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1883cdc.680: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1884cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1885cdc.680: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1886cdc.680: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1887cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\oleaut32.dll'
1888cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000670 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
1889cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1890cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1891cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79CE8A02BDEAE624679BB2A7290B3C61ADC51853
1892cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1893cdc.680: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1894cdc.680: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
1895cdc.680: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
1896cdc.680: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008229bc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1897cdc.680: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1898cdc.680: supR3HardenedDllNotificationCallback: load 75410000 LB 0x0005f000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
1899cdc.680: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1900cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75410000 'C:\Windows\system32\SXS.DLL'
1901cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll'
1902cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1903cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1904cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll'
1905cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll'
1906cdc.ce0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1907cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1908cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1909cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77420000 'C:\Windows\system32\gdi32.dll'
1910cdc.a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1911cdc.a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1912cdc.a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll) WinVerifyTrust
1913cdc.a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll
1914cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1915cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1916cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1917cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1918cdc.a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008235f4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1919cdc.a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll
1920cdc.a80: supR3HardenedDllNotificationCallback: load 74210000 LB 0x00006000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [fFlags=0x0]
1921cdc.a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll
1922cdc.a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74210000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL'
1923cdc.a80: supR3HardenedDllNotificationCallback: Unload 74210000 LB 0x00006000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [flags=0x0]
1924cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll'
1925cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1926cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082334c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1927cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll'
1928cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1929cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008232c4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1930cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ee0000 'C:\Windows\system32\ole32.dll'
1931cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1932cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1933cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll'
1934cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1935cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1936cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll'
1937cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1938cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1939cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ee0000 'C:\Windows\system32\ole32.dll'
1940cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1941cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1942cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll'
1943cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ac0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1944cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1945cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1946cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFAE9B283A50E4A3D49C9E7E37A89888A2B4A44D
1947cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
1948cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1949cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1950cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
1951cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1952cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1953cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1954cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
1955cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
1956cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1957cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1958cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1959cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1960cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1961cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1962cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1963cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1964cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1965cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1966cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1967cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1968cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ac8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1969cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
1970cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
1971cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E79947DA232978EB549EB8D34A29D88973B71D91
1972cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
1973cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1974cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1975cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
1976cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1977cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1978cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
1979cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
1980cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1981cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1982cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1983cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1984cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1985cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1986cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1987cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1988cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1989cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1990cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1991cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1992cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1993cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1994cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1995cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024f1114:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1996cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1997cdc.ce0: supR3HardenedDllNotificationCallback: load 6fc50000 LB 0x0000a000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1998cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1999cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2000cdc.ce0: supR3HardenedDllNotificationCallback: load 6fee0000 LB 0x0005c000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2001cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2002cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fc50000 'C:\Windows\system32\wbem\wbemprox.dll'
2003cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000af8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2004cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2005cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2006cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3338693857D113001E407F1B201A10C276605B11
2007cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2008cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2009cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2010cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2011cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2012cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2013cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2014cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2015cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2016cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2017cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024f1114:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2018cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2019cdc.ce0: supR3HardenedDllNotificationCallback: load 6f9d0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2020cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2021cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6f9d0000 'C:\Windows\system32\wbem\wbemsvc.dll'
2022cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000afc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2023cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2024cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2025cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BC82FF6EDA44F553393099F53D4AED926C6283B
2026cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2027cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2028cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2029cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2030cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2031cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2032cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2033cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2034cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2035cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2036cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2037cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2038cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000adc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2039cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2040cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2041cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD41341CF1BA6E0043138C5705ABB177F2ED6AAD
2042cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2043cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2044cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2045cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2046cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'.
2047cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2048cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2049cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2050cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2051cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2052cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2053cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2054cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2055cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2056cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2057cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2058cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2059cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2060cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2061cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2062cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2063cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2064cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2065cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2066cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2067cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2068cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024f1114:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2069cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2070cdc.ce0: supR3HardenedDllNotificationCallback: load 6fd50000 LB 0x00096000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2071cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2072cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2073cdc.ce0: supR3HardenedDllNotificationCallback: load 6fc60000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2074cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2075cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fd50000 'C:\Windows\system32\wbem\fastprox.dll'
2076cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll'
2077cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2078cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008231b4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2079cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70bc0000 'C:\Windows\system32\WINMM.dll'
2080cdc.ce0: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [redir]
2081cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [redoing WinVerifyTrust]
2082cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000504 pwszName=\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
2083cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2084cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2085cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D
2086cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
2087cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2088cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
2089cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008231b4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2090cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69220000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
2091cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bd0 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2092cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2093cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2094cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE76D5DBE9352B9FB1F4A2B953AA4EDA6294F66
2095cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
2096cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2097cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2098cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2099cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2100cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2101cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2102cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2103cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'slc.dll'.
2104cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'nsi.dll'.
2105cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2106cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
2107cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2108cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2109cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2110cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bc0 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2111cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2112cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2113cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAD8C6B06A9984F1082FA7D63E0B3AAABCA210F6
2114cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2115cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2116cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2117cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2118cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2119cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2120cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2121cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2122cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2123cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2124cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2125cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'slc.dll'...
2126cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'slc.dll' -> '\Device\HarddiskVolume2\Windows\System32\slc.dll' [rcNtRedir=0xc0150008]
2127cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bb8 pwszName=\Device\HarddiskVolume2\Windows\System32\slc.dll
2128cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2129cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2130cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D781A9E895276B15847254BB08F9D70D6E21E60A
2131cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\slc.dll'
2132cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2133cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2134cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\slc.dll) WinVerifyTrust
2135cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\slc.dll
2136cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2137cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2138cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2139cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2140cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2141cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2142cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2143cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2144cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2145cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2146cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2147cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2148cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2149cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2150cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2151cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2152cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2153cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2154cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2155cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bc4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2156cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2157cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2158cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83FA279A149B092654B141C0063E129F0A8FF628
2159cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2160cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2161cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2162cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2163cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2164cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2165cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2166cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2167cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2168cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2169cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2170cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2171cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2172cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2173cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2174cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2175cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2176cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2177cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2178cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=027e2cf4:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2179cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2180cdc.6ac: supR3HardenedDllNotificationCallback: load 6fbd0000 LB 0x00067000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2181cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2182cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\slc.dll
2183cdc.6ac: supR3HardenedDllNotificationCallback: load 73e10000 LB 0x0000a000 C:\Windows\system32\slc.dll [fFlags=0x0]
2184cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\slc.dll
2185cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2186cdc.6ac: supR3HardenedDllNotificationCallback: load 74a70000 LB 0x0001c000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2187cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2188cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2189cdc.6ac: supR3HardenedDllNotificationCallback: load 74a60000 LB 0x00007000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2190cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2191cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fbd0000 'C:\Windows\system32\netcfgx.dll'
2192cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2193cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008230a4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2194cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77280000 'C:\Windows\system32\SETUPAPI.dll'
2195cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2196cdc.6ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2197cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2198cdc.6ac: supR3HardenedDllNotificationCallback: load 74c70000 LB 0x0000e000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2199cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2200cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c10 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2201cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0
2202cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0
2203cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584
2204cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2205cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2206cdc.6ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2207cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2208cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2209cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2210cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008230a4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2211cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\WINTRUST.dll'
2212cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2213cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2214cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2215cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2216cdc.88c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2217cdc.88c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2218cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2219cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2220cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2221cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2222cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2223cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2224cdc.88c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2225cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2226cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2227cdc.88c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2228cdc.88c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2229cdc.88c: supR3HardenedDllNotificationCallback: load 6c040000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2230cdc.88c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2231cdc.88c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c040000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2232cdc.88c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\User32.dll'
2233cdc.db8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2234cdc.db8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2235cdc.db8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2236cdc.db8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2237cdc.db8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2238cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2239cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2240cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2241cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2242cdc.db8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2243cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2244cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2245cdc.db8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2246cdc.db8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2247cdc.db8: supR3HardenedDllNotificationCallback: load 6c030000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2248cdc.db8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2249cdc.db8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c030000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2250cdc.2ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2251cdc.2ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2252cdc.2ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2253cdc.2ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2254cdc.2ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2255cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2256cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2257cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2258cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2259cdc.2ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2260cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2261cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2262cdc.2ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2263cdc.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2264cdc.2ac: supR3HardenedDllNotificationCallback: load 6c020000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2265cdc.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2266cdc.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c020000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2267cdc.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2268cdc.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2269cdc.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2270cdc.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2271cdc.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2272cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2273cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2274cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2275cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2276cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2277cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2278cdc.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2279cdc.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2280cdc.338: supR3HardenedDllNotificationCallback: load 6c010000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2281cdc.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2282cdc.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c010000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2283cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2284cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2285cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\Shell32.dll'
2286cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ee0000 'C:\Windows\system32\ole32.dll'
2287cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2288cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2289cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2290cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2291cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=754f0000 'C:\Windows\system32\profapi.dll'
2292cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2293cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2294cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
2295cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2296cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll) WinVerifyTrust
2297cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll
2298cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2299cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2300cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2301cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2302cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2303cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2304cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2305cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2306cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2307cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxREM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2308cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll
2309cdc.6ac: supR3HardenedDllNotificationCallback: load 6bf20000 LB 0x000e3000 C:\Program Files\Oracle\VirtualBox\VBoxREM32.DLL [fFlags=0x0]
2310cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll
2311cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bf20000 'C:\Program Files\Oracle\VirtualBox\VBoxREM32.DLL'
2312cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2313cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2314cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2315cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2316cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2317cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2318cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2319cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2320cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2321cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2322cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2323cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2324cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2325cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2326cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2327cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2328cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2329cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2330cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2331cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2332cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2333cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2334cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2335cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2336cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2337cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2338cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2339cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2340cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2341cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2342cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2343cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2344cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2345cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2346cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2347cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2348cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2349cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2350cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2351cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2352cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2353cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2354cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2355cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2356cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2357cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2358cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2359cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2360cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2361cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2362cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2363cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2364cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2365cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2366cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2367cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2368cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2369cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2370cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2371cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2372cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2373cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2374cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2375cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2376cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2377cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2378cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2379cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2380cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2381cdc.6ac: supR3HardenedDllNotificationCallback: load 68470000 LB 0x00850000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2382cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2383cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2384cdc.6ac: supR3HardenedDllNotificationCallback: load 6a5c0000 LB 0x00049000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2385cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2386cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2387cdc.6ac: supR3HardenedDllNotificationCallback: load 6bee0000 LB 0x00032000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2388cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2389cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68470000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2390cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2391cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2392cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2393cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2394cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2395cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bee0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2396cdc.840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2397cdc.840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2398cdc.840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2399cdc.840: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2400cdc.840: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2401cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2402cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2403cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2404cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2405cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2406cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2407cdc.840: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2408cdc.840: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2409cdc.840: supR3HardenedDllNotificationCallback: load 6bed0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2410cdc.840: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2411cdc.840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bed0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2412cdc.d6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll'
2413cdc.cec: supR3HardenedDllNotificationCallback: Unload 6fbd0000 LB 0x00067000 C:\Windows\system32\netcfgx.dll [flags=0x0]
2414cdc.cec: supR3HardenedDllNotificationCallback: Unload 73e10000 LB 0x0000a000 C:\Windows\system32\slc.dll [flags=0x0]
2415cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy