13fc.f84: Log file opened: 5.0.12r104815 g_hStartupLog=00000010 g_uNtVerCombined=0x611db110 13fc.f84: \SystemRoot\System32\ntdll.dll: 13fc.f84: CreationTime: 2015-11-11T01:40:25.748046800Z 13fc.f84: LastWriteTime: 2015-10-20T00:48:47.299796500Z 13fc.f84: ChangeTime: 2015-11-11T01:51:39.761718700Z 13fc.f84: FileAttributes: 0x20 13fc.f84: Size: 0x13f600 13fc.f84: NT Headers: 0xd0 13fc.f84: Timestamp: 0x56258dbb 13fc.f84: Machine: 0x14c - i386 13fc.f84: Timestamp: 0x56258dbb 13fc.f84: Image Version: 6.1 13fc.f84: SizeOfImage: 0x141000 (1314816) 13fc.f84: Resource Dir: 0xe1000 LB 0x5a028 13fc.f84: ProductName: Microsoft® Windows® Operating System 13fc.f84: ProductVersion: 6.1.7601.19045 13fc.f84: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 13fc.f84: FileDescription: NT Layer DLL 13fc.f84: \SystemRoot\System32\kernel32.dll: 13fc.f84: CreationTime: 2015-06-10T01:18:16.643554600Z 13fc.f84: LastWriteTime: 2015-05-09T03:13:42.222000000Z 13fc.f84: ChangeTime: 2015-06-11T00:25:36.694335900Z 13fc.f84: FileAttributes: 0x20 13fc.f84: Size: 0xd4000 13fc.f84: NT Headers: 0xf0 13fc.f84: Timestamp: 0x554d7aff 13fc.f84: Machine: 0x14c - i386 13fc.f84: Timestamp: 0x554d7aff 13fc.f84: Image Version: 6.1 13fc.f84: SizeOfImage: 0xd4000 (868352) 13fc.f84: Resource Dir: 0xc7000 LB 0x528 13fc.f84: ProductName: Microsoft® Windows® Operating System 13fc.f84: ProductVersion: 6.1.7601.18847 13fc.f84: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 13fc.f84: FileDescription: Windows NT BASE API Client DLL 13fc.f84: \SystemRoot\System32\KernelBase.dll: 13fc.f84: CreationTime: 2015-06-10T01:18:16.706054600Z 13fc.f84: LastWriteTime: 2015-05-09T03:13:42.222000000Z 13fc.f84: ChangeTime: 2015-06-11T00:25:36.764648400Z 13fc.f84: FileAttributes: 0x20 13fc.f84: Size: 0x47a00 13fc.f84: NT Headers: 0xe0 13fc.f84: Timestamp: 0x554d7b00 13fc.f84: Machine: 0x14c - i386 13fc.f84: Timestamp: 0x554d7b00 13fc.f84: Image Version: 6.1 13fc.f84: SizeOfImage: 0x4b000 (307200) 13fc.f84: Resource Dir: 
0x47000 LB 0x530 13fc.f84: ProductName: Microsoft® Windows® Operating System 13fc.f84: ProductVersion: 6.1.7601.18847 13fc.f84: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 13fc.f84: FileDescription: Windows NT BASE API Client DLL 13fc.f84: \SystemRoot\System32\apisetschema.dll: 13fc.f84: CreationTime: 2015-11-11T01:40:23.794921800Z 13fc.f84: LastWriteTime: 2015-10-20T00:35:03.776000000Z 13fc.f84: ChangeTime: 2015-11-11T01:51:45.983398400Z 13fc.f84: FileAttributes: 0x20 13fc.f84: Size: 0x1a00 13fc.f84: NT Headers: 0xc0 13fc.f84: Timestamp: 0x56258c72 13fc.f84: Machine: 0x14c - i386 13fc.f84: Timestamp: 0x56258c72 13fc.f84: Image Version: 6.1 13fc.f84: SizeOfImage: 0x50000 (327680) 13fc.f84: Resource Dir: 0x30000 LB 0x3f8 13fc.f84: ProductName: Microsoft® Windows® Operating System 13fc.f84: ProductVersion: 6.1.7601.19045 13fc.f84: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 13fc.f84: FileDescription: ApiSet Schema DLL 13fc.f84: supR3HardenedWinFindAdversaries: 0x0 13fc.f84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox' 13fc.f84: Calling main() 13fc.f84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 13fc.f84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\VirtualBox' 13fc.f84: SUPR3HardenedMain: Respawn #1 13fc.f84: System32: \Device\HarddiskVolume1\Windows\System32 13fc.f84: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 13fc.f84: KnownDllPath: C:\Windows\system32 13fc.f84: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports 13fc.f84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe) 13fc.f84: supR3HardNtEnableThreadCreation: 13fc.f84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0 13fc.f84: supR3HardenedWinDoReSpawn(1): New child d64.1424 [kernel32]. 
13fc.f84: supR3HardNtChildGatherData: PebBaseAddress=7ffd9000 cbPeb=0x248 13fc.f84: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77d60000 uNtDllChildAddr=77d60000 13fc.f84: supR3HardenedWinSetupChildInit: uLdrInitThunk=77dc3911 13fc.f84: supR3HardenedWinSetupChildInit: Start child. 13fc.f84: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 31 ms. 13fc.f84: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 0 sleeps 13fc.f84: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 13fc.f84: *00000000-fffeffff 0x0001/0x0000 0x0000000 13fc.f84: *00010000-fffeffff 0x0004/0x0004 0x0020000 13fc.f84: *00030000-0002bfff 0x0002/0x0002 0x0040000 13fc.f84: 00034000-00027fff 0x0001/0x0000 0x0000000 13fc.f84: *00040000-0003efff 0x0004/0x0004 0x0020000 13fc.f84: 00041000-00031fff 0x0001/0x0000 0x0000000 13fc.f84: *00050000-0004efff 0x0004/0x0004 0x0020000 13fc.f84: 00051000-fffa1fff 0x0001/0x0000 0x0000000 13fc.f84: *00100000-00002fff 0x0000/0x0004 0x0020000 13fc.f84: 001fd000-001fafff 0x0104/0x0004 0x0020000 13fc.f84: 001ff000-001fdfff 0x0004/0x0004 0x0020000 13fc.f84: 00200000-ff20ffff 0x0001/0x0000 0x0000000 13fc.f84: *011f0000-011f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 011f1000-01267fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 01268000-01268fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 01269000-012a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012a3000-012a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012a4000-012a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012a5000-012a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012a6000-012a6fff 
0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012a7000-012abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012ac000-012aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012af000-012f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 13fc.f84: 012f3000-8a885fff 0x0001/0x0000 0x0000000 13fc.f84: *77d60000-77d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 13fc.f84: 77d61000-77e37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 13fc.f84: 77e38000-77e3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 13fc.f84: 77e3e000-77e3efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 13fc.f84: 77e3f000-77e40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 13fc.f84: 77e41000-77ea0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 13fc.f84: 77ea1000-77d81fff 0x0001/0x0000 0x0000000 13fc.f84: *77fc0000-77fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll 13fc.f84: 77fc1000-6ffe1fff 0x0001/0x0000 0x0000000 13fc.f84: *7ffa0000-7ff6cfff 0x0002/0x0002 0x0040000 13fc.f84: 7ffd3000-7ffccfff 0x0001/0x0000 0x0000000 13fc.f84: *7ffd9000-7ffd7fff 0x0004/0x0004 0x0020000 13fc.f84: 7ffda000-7ffd4fff 0x0001/0x0000 0x0000000 13fc.f84: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000 13fc.f84: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 13fc.f84: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 13fc.f84: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS) 13fc.f84: VirtualBox.exe: timestamp 0x56743212 (rc=VINF_SUCCESS) 13fc.f84: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports 13fc.f84: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports 
13fc.f84: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 13fc.f84: supR3HardNtChildPurify: Done after 308 ms and 0 fixes (loop #0). d64.1424: Log file opened: 5.0.12r104815 g_hStartupLog=00000004 g_uNtVerCombined=0x611db110 d64.1424: supR3HardenedVmProcessInit: uNtDllAddr=77d60000 d64.1424: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS) d64.1424: New simple heap: #1 00300000 LB 0x400000 (for 1314816 allocation) d64.1424: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox' d64.1424: System32: \Device\HarddiskVolume1\Windows\System32 d64.1424: WinSxS: \Device\HarddiskVolume1\Windows\winsxs d64.1424: KnownDllPath: C:\Windows\system32 d64.1424: supR3HardenedVmProcessInit: Opening vboxdrv stub... 13fc.f84: supR3HardNtEnableThreadCreation: d64.1424: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... d64.1424: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... d64.1424: Registered Dll notification callback with NTDLL. 
d64.1424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll d64.1424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] d64.1424: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] d64.1424: supR3HardenedDllNotificationCallback: load 77c80000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0] d64.1424: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] d64.1424: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] d64.1424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll d64.1424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll' d64.1424: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0 d64.1424: \SystemRoot\System32\ntdll.dll: d64.1424: CreationTime: 2015-11-11T01:40:25.748046800Z d64.1424: LastWriteTime: 2015-10-20T00:48:47.299796500Z d64.1424: ChangeTime: 2015-11-11T01:51:39.761718700Z d64.1424: FileAttributes: 0x20 d64.1424: Size: 0x13f600 d64.1424: NT Headers: 0xd0 d64.1424: Timestamp: 0x56258dbb d64.1424: Machine: 0x14c - i386 d64.1424: Timestamp: 0x56258dbb d64.1424: Image Version: 6.1 d64.1424: SizeOfImage: 0x141000 (1314816) d64.1424: Resource Dir: 0xe1000 LB 0x5a028 d64.1424: ProductName: Microsoft® Windows® Operating System d64.1424: ProductVersion: 6.1.7601.19045 
d64.1424: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) d64.1424: FileDescription: NT Layer DLL 13fc.f84: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 40 ms. d64.1424: \SystemRoot\System32\kernel32.dll: d64.1424: CreationTime: 2015-06-10T01:18:16.643554600Z d64.1424: LastWriteTime: 2015-05-09T03:13:42.222000000Z d64.1424: ChangeTime: 2015-06-11T00:25:36.694335900Z d64.1424: FileAttributes: 0x20 d64.1424: Size: 0xd4000 d64.1424: NT Headers: 0xf0 d64.1424: Timestamp: 0x554d7aff d64.1424: Machine: 0x14c - i386 d64.1424: Timestamp: 0x554d7aff d64.1424: Image Version: 6.1 d64.1424: SizeOfImage: 0xd4000 (868352) d64.1424: Resource Dir: 0xc7000 LB 0x528 d64.1424: ProductName: Microsoft® Windows® Operating System d64.1424: ProductVersion: 6.1.7601.18847 d64.1424: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) d64.1424: FileDescription: Windows NT BASE API Client DLL d64.1424: \SystemRoot\System32\KernelBase.dll: d64.1424: CreationTime: 2015-06-10T01:18:16.706054600Z d64.1424: LastWriteTime: 2015-05-09T03:13:42.222000000Z d64.1424: ChangeTime: 2015-06-11T00:25:36.764648400Z d64.1424: FileAttributes: 0x20 d64.1424: Size: 0x47a00 d64.1424: NT Headers: 0xe0 d64.1424: Timestamp: 0x554d7b00 d64.1424: Machine: 0x14c - i386 d64.1424: Timestamp: 0x554d7b00 d64.1424: Image Version: 6.1 d64.1424: SizeOfImage: 0x4b000 (307200) d64.1424: Resource Dir: 0x47000 LB 0x530 d64.1424: ProductName: Microsoft® Windows® Operating System d64.1424: ProductVersion: 6.1.7601.18847 d64.1424: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) d64.1424: FileDescription: Windows NT BASE API Client DLL d64.1424: \SystemRoot\System32\apisetschema.dll: d64.1424: CreationTime: 2015-11-11T01:40:23.794921800Z d64.1424: LastWriteTime: 2015-10-20T00:35:03.776000000Z d64.1424: ChangeTime: 2015-11-11T01:51:45.983398400Z d64.1424: FileAttributes: 0x20 d64.1424: Size: 0x1a00 d64.1424: NT Headers: 0xc0 d64.1424: Timestamp: 0x56258c72 d64.1424: Machine: 0x14c - i386 
d64.1424: Timestamp: 0x56258c72 d64.1424: Image Version: 6.1 d64.1424: SizeOfImage: 0x50000 (327680) d64.1424: Resource Dir: 0x30000 LB 0x3f8 d64.1424: ProductName: Microsoft® Windows® Operating System d64.1424: ProductVersion: 6.1.7601.19045 d64.1424: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) d64.1424: FileDescription: ApiSet Schema DLL d64.1424: supR3HardenedWinFindAdversaries: 0x0 d64.1424: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox' d64.1424: Calling main() d64.1424: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 d64.1424: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\VirtualBox' d64.1424: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports d64.1424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe) d64.1424: SUPR3HardenedMain: Respawn #2 d64.1424: supR3HardNtEnableThreadCreation: d64.1424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\embdtrst.dll) d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\embdtrst.dll d64.1424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\EmbdTrst.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d29f4:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] d64.1424: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll [lacks WinVerifyTrust] d64.1424: supR3HardenedDllNotificationCallback: load 75aa0000 LB 0x00005000 C:\Windows\system32\EmbdTrst.DLL [fFlags=0x0] d64.1424: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll [lacks WinVerifyTrust] d64.1424: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=75aa0000 'C:\Windows\system32\EmbdTrst.DLL' d64.1424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll d64.1424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] d64.1424: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] d64.1424: supR3HardenedDllNotificationCallback: load 759e0000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0] d64.1424: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] d64.1424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759e0000 'C:\Windows\system32\apphelp.dll' d64.1424: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0 d64.1424: supR3HardenedWinDoReSpawn(2): New child 1478.1738 [kernel32]. d64.1424: supR3HardNtChildGatherData: PebBaseAddress=7ffdf000 cbPeb=0x248 d64.1424: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77d60000 uNtDllChildAddr=77d60000 d64.1424: supR3HardenedWinSetupChildInit: uLdrInitThunk=77dc3911 d64.1424: supR3HardenedWinSetupChildInit: Start child. d64.1424: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 23 ms. 
d64.1424: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 0 sleeps d64.1424: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION d64.1424: *00000000-fffeffff 0x0001/0x0000 0x0000000 d64.1424: *00010000-fffeffff 0x0004/0x0004 0x0020000 d64.1424: *00030000-0002bfff 0x0002/0x0002 0x0040000 d64.1424: 00034000-00027fff 0x0001/0x0000 0x0000000 d64.1424: *00040000-0003efff 0x0004/0x0004 0x0020000 d64.1424: 00041000-00031fff 0x0001/0x0000 0x0000000 d64.1424: *00050000-fff52fff 0x0000/0x0004 0x0020000 d64.1424: 0014d000-0014afff 0x0104/0x0004 0x0020000 d64.1424: 0014f000-0014dfff 0x0004/0x0004 0x0020000 d64.1424: *00150000-0014efff 0x0004/0x0004 0x0020000 d64.1424: 00151000-ff0b1fff 0x0001/0x0000 0x0000000 d64.1424: *011f0000-011f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 011f1000-01267fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 01268000-01268fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 01269000-012a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012a3000-012a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012a4000-012a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012a5000-012a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012a6000-012a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012a7000-012abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012ac000-012aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe d64.1424: 012af000-012f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe 
d64.1424: 012f3000-8a885fff 0x0001/0x0000 0x0000000 d64.1424: *77d60000-77d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll d64.1424: 77d61000-77e37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll d64.1424: 77e38000-77e3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll d64.1424: 77e3e000-77e3efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll d64.1424: 77e3f000-77e40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll d64.1424: 77e41000-77ea0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll d64.1424: 77ea1000-77d81fff 0x0001/0x0000 0x0000000 d64.1424: *77fc0000-77fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll d64.1424: 77fc1000-6ffe1fff 0x0001/0x0000 0x0000000 d64.1424: *7ffa0000-7ff6cfff 0x0002/0x0002 0x0040000 d64.1424: 7ffd3000-7ffc7fff 0x0001/0x0000 0x0000000 d64.1424: *7ffde000-7ffdcfff 0x0004/0x0004 0x0020000 d64.1424: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000 d64.1424: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 d64.1424: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 d64.1424: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS) d64.1424: VirtualBox.exe: timestamp 0x56743212 (rc=VINF_SUCCESS) d64.1424: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports d64.1424: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports d64.1424: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports d64.1424: supR3HardNtChildPurify: Done after 308 ms and 0 fixes (loop #0). 
1478.1738: Log file opened: 5.0.12r104815 g_hStartupLog=00000004 g_uNtVerCombined=0x611db110 1478.1738: supR3HardenedVmProcessInit: uNtDllAddr=77d60000 1478.1738: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS) 1478.1738: New simple heap: #1 00260000 LB 0x400000 (for 1314816 allocation) d64.1424: supR3HardenedEarlyCompact: Removed heap 1 (0x300000 LB 0x400000) d64.1424: supR3HardNtEnableThreadCreation: 1478.1738: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox' 1478.1738: System32: \Device\HarddiskVolume1\Windows\System32 1478.1738: WinSxS: \Device\HarddiskVolume1\Windows\winsxs 1478.1738: KnownDllPath: C:\Windows\system32 1478.1738: supR3HardenedVmProcessInit: Opening vboxdrv... 1478.1738: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1478.1738: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1478.1738: Registered Dll notification callback with NTDLL. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77c80000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 
(\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll' 1478.1738: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0 d64.1424: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 64 ms. 1478.1738: \SystemRoot\System32\ntdll.dll: 1478.1738: CreationTime: 2015-11-11T01:40:25.748046800Z 1478.1738: LastWriteTime: 2015-10-20T00:48:47.299796500Z 1478.1738: ChangeTime: 2015-11-11T01:51:39.761718700Z 1478.1738: FileAttributes: 0x20 1478.1738: Size: 0x13f600 1478.1738: NT Headers: 0xd0 1478.1738: Timestamp: 0x56258dbb 1478.1738: Machine: 0x14c - i386 1478.1738: Timestamp: 0x56258dbb 1478.1738: Image Version: 6.1 1478.1738: SizeOfImage: 0x141000 (1314816) 1478.1738: Resource Dir: 0xe1000 LB 0x5a028 1478.1738: ProductName: Microsoft® Windows® Operating System 1478.1738: ProductVersion: 6.1.7601.19045 1478.1738: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 1478.1738: FileDescription: NT Layer DLL 1478.1738: \SystemRoot\System32\kernel32.dll: 1478.1738: CreationTime: 2015-06-10T01:18:16.643554600Z 1478.1738: LastWriteTime: 2015-05-09T03:13:42.222000000Z 1478.1738: ChangeTime: 2015-06-11T00:25:36.694335900Z 1478.1738: FileAttributes: 0x20 1478.1738: Size: 0xd4000 1478.1738: NT Headers: 0xf0 1478.1738: Timestamp: 0x554d7aff 1478.1738: Machine: 0x14c - i386 1478.1738: Timestamp: 0x554d7aff 1478.1738: Image Version: 6.1 1478.1738: SizeOfImage: 0xd4000 (868352) 1478.1738: Resource Dir: 0xc7000 LB 0x528 1478.1738: ProductName: Microsoft® Windows® Operating System 1478.1738: ProductVersion: 6.1.7601.18847 1478.1738: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 1478.1738: FileDescription: Windows NT BASE API Client DLL 1478.1738: \SystemRoot\System32\KernelBase.dll: 1478.1738: CreationTime: 
2015-06-10T01:18:16.706054600Z 1478.1738: LastWriteTime: 2015-05-09T03:13:42.222000000Z 1478.1738: ChangeTime: 2015-06-11T00:25:36.764648400Z 1478.1738: FileAttributes: 0x20 1478.1738: Size: 0x47a00 1478.1738: NT Headers: 0xe0 1478.1738: Timestamp: 0x554d7b00 1478.1738: Machine: 0x14c - i386 1478.1738: Timestamp: 0x554d7b00 1478.1738: Image Version: 6.1 1478.1738: SizeOfImage: 0x4b000 (307200) 1478.1738: Resource Dir: 0x47000 LB 0x530 1478.1738: ProductName: Microsoft® Windows® Operating System 1478.1738: ProductVersion: 6.1.7601.18847 1478.1738: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 1478.1738: FileDescription: Windows NT BASE API Client DLL 1478.1738: \SystemRoot\System32\apisetschema.dll: 1478.1738: CreationTime: 2015-11-11T01:40:23.794921800Z 1478.1738: LastWriteTime: 2015-10-20T00:35:03.776000000Z 1478.1738: ChangeTime: 2015-11-11T01:51:45.983398400Z 1478.1738: FileAttributes: 0x20 1478.1738: Size: 0x1a00 1478.1738: NT Headers: 0xc0 1478.1738: Timestamp: 0x56258c72 1478.1738: Machine: 0x14c - i386 1478.1738: Timestamp: 0x56258c72 1478.1738: Image Version: 6.1 1478.1738: SizeOfImage: 0x50000 (327680) 1478.1738: Resource Dir: 0x30000 LB 0x3f8 1478.1738: ProductName: Microsoft® Windows® Operating System 1478.1738: ProductVersion: 6.1.7601.19045 1478.1738: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 1478.1738: FileDescription: ApiSet Schema DLL 1478.1738: supR3HardenedWinFindAdversaries: 0x0 1478.1738: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox' 1478.1738: Calling main() 1478.1738: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1478.1738: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\VirtualBox' 1478.1738: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe) 1478.1738: SUPR3HardenedMain: Final process, opening VBoxDrv... 
1478.1738: supR3HardenedEarlyCompact: Removed heap 1 (0x260000 LB 0x400000) 1478.1738: supR3HardNtEnableThreadCreation: 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d24c4:C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 74a90000 LB 0x00005000 C:\Program Files\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a90000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program 
Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a90000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a90000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d24c4:C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75f10000 LB 0x0002f000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 770e0000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75d90000 LB 0x00121000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75d50000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77260000 LB 0x000a2000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\Wintrust.dll' 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d24c4:C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75710000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75710000 'C:\Windows\system32\bcrypt.dll' 1478.1738: bcrypt.dll loaded at 75710000, BCryptOpenAlgorithmProvider at 75712cda, preloading providers: 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75280000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77820000 LB 0x000a0000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll 1478.1738: supR3HardenedDllNotificationCallback: load 77eb0000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'C:\Windows\system32\bcryptprimitives.dll' 1478.1738: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=007effe0) 1478.1738: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=007f0630) 1478.1738: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=007f13e8) 1478.1738: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=007eff38) 1478.1738: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=007f1538) 1478.1738: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=007f15d8) 1478.1738: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=007f1488) 1478.1738: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=007f1748) 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75590000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75590000 'C:\Windows\system32\CRYPTSP.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75340000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\system32\rsaenh.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll' 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll) 1478.1738: 
supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75a30000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a30000 'C:\Windows\system32\CRYPTBASE.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.DLL' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\CRYPT32.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'advapi32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 76070000 LB 0x0002b000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76070000 'C:\Windows\system32\imagehlp.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75590000 'C:\Windows\system32\CRYPTSP.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77190000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77bd0000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77ef0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77530000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77ed0000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77460000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ed0000 'C:\Windows\system32\IMM32.DLL' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 
'C:\Windows\system32\USER32.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75730000 LB 0x00039000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75730000 'C:\Windows\system32\ncrypt.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75710000 'C:\Windows\system32\bcrypt.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'crypt32.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp71.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr71.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\aetsprov.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\aetsprov.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr71.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr71.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcr71.dll' [rcNtRedir=0xc0150008] 1478.1738: \Device\HarddiskVolume1\Windows\System32\msvcr71.dll: Owner is administrators group. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcr71.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcr71.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp71.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp71.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp71.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr71.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcp71.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcp71.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr71.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr71.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcr71.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcr71.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetsprov.dll (Input=aetsprov.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetsprov.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 10000000 LB 0x00012000 C:\Windows\system32\aetsprov.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetsprov.dll [lacks WinVerifyTrust] 1478.1738: 
supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcp71.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 7c3a0000 LB 0x0007b000 C:\Windows\system32\MSVCP71.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcp71.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcr71.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 7c340000 LB 0x00056000 C:\Windows\system32\MSVCR71.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcr71.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=10000000 'C:\Windows\system32\aetsprov.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'hid.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'setupapi.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winscard.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\aetpkss1.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winscard.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winscard.dll' -> '\Device\HarddiskVolume1\Windows\System32\winscard.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\WinSCard.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\WinSCard.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hid.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'hid.dll' -> '\Device\HarddiskVolume1\Windows\System32\hid.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\hid.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\hid.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetpkss1.dll (Input=aetpkss1.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 008d0000 LB 0x000c0000 C:\Windows\system32\aetpkss1.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\hid.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 74630000 LB 0x00009000 C:\Windows\system32\HID.DLL [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\hid.dll [lacks 
WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77a30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 760a0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 778c0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75ef0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\WinSCard.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 6b850000 LB 0x00023000 C:\Windows\system32\WinSCard.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\WinSCard.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: 
pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=008d0000 'C:\Windows\system32\aetpkss1.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\WinSCard.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winscard.dll (Input=winscard.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6b850000 'C:\Windows\system32\winscard.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77260000 'C:\Windows\system32\rpcrt4.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: 
pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L2-1-0.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\winsta.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winsta.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winsta.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75220000 LB 0x00029000 C:\Windows\system32\WINSTA.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winsta.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=75220000 'C:\Windows\system32\WINSTA.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77260000 'C:\Windows\system32\RPCRT4.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WTSAPI32.dll (Input=WTSAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 741d0000 LB 0x0000d000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=741d0000 'C:\Windows\system32\WTSAPI32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winsta.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program 
Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75220000 'C:\Windows\system32\WINSTA.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a30000 'C:\Windows\system32\CRYPTBASE.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\aetcmgr.dll': 0 (NtPath=\??\C:\Windows\system32\aetcmgr.dll; Input=aetcmgr.dll; rcNtGetDll=0xc0000135 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetcmgr.dll (Input=aetcmgr.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\aetcmgr.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program 
Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.dll' 1478.9e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust] 1478.9e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetpkss1.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.9e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=008d0000 'C:\Windows\system32\aetpkss1.dll' 1478.123c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust] 1478.123c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetpkss1.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.123c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=008d0000 'C:\Windows\system32\aetpkss1.dll' 1478.123c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 1478.123c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.123c: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d60000 'C:\Windows\system32\CFGMGR32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1478.1738: supR3HardenedDllNotificationCallback: Unload 008d0000 LB 0x000c0000 C:\Windows\system32\aetpkss1.dll [flags=0x0] 1478.1738: supR3HardenedDllNotificationCallback: Unload 6b850000 LB 0x00023000 C:\Windows\system32\WinSCard.dll [flags=0x0] 1478.1738: supR3HardenedDllNotificationCallback: Unload 77a30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [flags=0x0] 1478.1738: supR3HardenedDllNotificationCallback: Unload 75ef0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] 1478.1738: supR3HardenedDllNotificationCallback: Unload 760a0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] 1478.1738: supR3HardenedDllNotificationCallback: Unload 778c0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0] 1478.1738: supR3HardenedDllNotificationCallback: Unload 74630000 LB 0x00009000 C:\Windows\system32\HID.DLL [flags=0x0] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75f50000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75d40000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f50000 'C:\Windows\system32\USERENV.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1478.1738: 
supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 75160000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1478.1738: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75160000 'C:\Windows\system32\GPAPI.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L2-1-0.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 74310000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77f60000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks 
WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll 
(rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 
(0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d40000 'C:\Windows\system32\profapi.dll' 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 77f00000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77f00000 'C:\Windows\system32\SHLWAPI.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4DF452093FDAA7DA713F106AEAB7D31AAA8BD52 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: 
returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll' 1478.1738: g_pfnWinVerifyTrust=75f1273a 1478.1738: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5899593484521EBF43C3FBEF1689EAD74AD8ED7D 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_212_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' 1478.1738: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD400B10391BF763CC5DFDE600010DE093424AAC 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_113_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d8 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A 
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d0 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003cc pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=89E77407A345B2D82F06806B31C1CEFF03A91A6A 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_113_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; 
file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002c4 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll' 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001f4 pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll' 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002a8 pwszName=\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F4CA8ED9971898A1354BAFA77A2B8F365EA3253 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000288 pwszName=\Device\HarddiskVolume1\Windows\System32\winsta.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=29D5C8F591FC6F7EE578C50BD6A00D7CA9D895EA 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_78_for_KB2984972~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\winsta.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winsta.dll' 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ec pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e8 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCE31FDB944BBD2B4E378704B95BEA36085E5ADA 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e4 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: 
hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e0 pwszName=\Device\HarddiskVolume1\Windows\System32\hid.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E5F4235484C3FBCB2819A1A717B284770C4D931 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\hid.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\hid.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001dc pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001d8 pwszName=\Device\HarddiskVolume1\Windows\System32\WinSCard.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=234ADBB040FD0895FB9B779EBA3E8643B2DFF5B7 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\WinSCard.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\WinSCard.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001d4 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAF1DA7C8C4B3B49A52A2B8999865DEDC4F50EC6 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3072633~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll' 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ole32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001d0 pwszName=\Device\HarddiskVolume1\Windows\System32\aetpkss1.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E4A97B7FEC668CD1161913B473698DEFA1139F5 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E4A97B7FEC668CD1161913B473698DEFA1139F5 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=F98FC8B1EC7D4CC5EF5396839AF33D5720C4307F2EADAF3BA49A58419D3014C8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\aetpkss1.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c8 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcp71.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F112F40980D4083D8E1244470CB24FAA67EF349 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F112F40980D4083D8E1244470CB24FAA67EF349 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=07083DEBB1416EAFE1C4F60AE2C95AFCCEA06F4A652D0304A881BC400A26BAB9 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=07083DEBB1416EAFE1C4F60AE2C95AFCCEA06F4A652D0304A881BC400A26BAB9 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcp71.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c4 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcr71.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 
wszDigest=33BBCCF6326276B413A1ECED1BF7842A6D1DDA07 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33BBCCF6326276B413A1ECED1BF7842A6D1DDA07 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C510B9C6EDE702F876D857BE2D8BB17EE4839324D54DF7F2150B70445F0055D9 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C510B9C6EDE702F876D857BE2D8BB17EE4839324D54DF7F2150B70445F0055D9 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcr71.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume1\Windows\System32\aetsprov.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DDA33A939001F972AE6BDDC723C7C9D8436B5B85 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DDA33A939001F972AE6BDDC723C7C9D8436B5B85 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FADD9A489CC3C31A2E920F2B6548749CB7C7A5BE7FEB4ECC1C9503D67CCD1D58 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FADD9A489CC3C31A2E920F2B6548749CB7C7A5BE7FEB4ECC1C9503D67CCD1D58 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\aetsprov.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ac pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D56F0B10DF0BBC071EC3118E6BF4B9C85E433C99 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21CC868DE3508F5C6F6D348B324C1E8AB2969CC6 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 
1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=620B58DF939ECB4E691974D32E1363C8F89396C3 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B69BB5E518E30563D5F105F9F5A9A0774CF902E 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F22A2FC845420DBD44B017133D50DFF33EE6D03F 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=44098F3B14959897BB848F81A735A1BE83CB369F 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59F877FD4F27652A01B1936874AFAF3A55572A8 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2893294~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=685A12871B04F122C1C6F2AA1E429C19211FCD8F 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll' 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFE6B29BE955FB2D869F3B57909DF90693FBBCEB 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_113_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78E9ABD813B4175EBA8EBD16ACB465E0E2FBF7F8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0126923AE273E77D7677F69E1B331A63871D998A 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2882822~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 
(was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50B466D5DDEDD2D1A524F20B8873F187B62AA69F 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 
pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75EC13F04473FD191A7C44AD9A7C2B28A625D383 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=992AF4E9EBEC265515EC875F6F2F14055D1D491D 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=84623A9DB7C87F822F9F509ECBD6D4DC753E6405 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0087393c:C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 
'C:\Windows\system32\crypt32.dll' 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x292d758d85f9d800 C=CN, O=OSCCA, CN=ROOTCA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7a39c7396be7e200 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent Root, CN=GoAgent XX-Net 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x6cfe8a8d674bca10 O=Alibaba.com Corporation, OU=CA Center, CN=Alibaba.com Corporation Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xcadc32c7ca6ffcfc CN=IcbcCA, O=icbc.com.cn 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xe20485f3b396a400 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent, CN=GoAgent 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa7d940d543089e00 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent Root, CN=GoAgent XX-Net 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x4f482c5d9443c000 C=CN, O=Alipay.com Co.,Ltd, OU=www.alipay.com, CN=ALIPAY_ROOT 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xe7bda57c0ecbb00 CN=ICBC Root CA, O=Industrial and Commercial Bank of China 
1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x34ccc8a2de87f407 C=CN, O=CFCA Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x90d31b5ab79e90f8 CN=Personal ICBC CA, O=personal.icbc.com.cn 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x17662ec1a961d300 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent Root, CN=GoAgent XX-Net 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. 
- For authorized use only, CN=thawte Primary Root CA - G3 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, 
OU=www.digicert.com, CN=DigiCert Global Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xc48cebc8db05b000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. 
- For authorized use only, OU=VeriSign Trust Network 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Universal Root Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 1478.1738: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64 1478.1738: SUPR3HardenedMain: Load Runtime... 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000450 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6d470000 LB 0x00441000 C:\Program Files\VirtualBox\VBoxRT.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6e7c0000 LB 0x000bf000 C:\Program Files\VirtualBox\MSVCR100.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6ebe0000 LB 0x00069000 C:\Program Files\VirtualBox\MSVCP100.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.1738: supR3HardenedDllNotificationCallback: load 775e0000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 775d0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0] 1478.1738: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll 
1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008739fc:C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\Wintrust.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008739fc:C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\crypt32.dll' 1478.1738: SUPR3HardenedMain: Load TrustedMain... 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtcorevbox4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtguivbox4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004bc pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004a8 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c8 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0E9506F317BDB184E9D79C726FEC46DD5C742F 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004f8 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004fc pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000504 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000518 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d0 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2DD0519DFAD1ED741C9324879C92EC15A9FFB8D0 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000524 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0121BFD26E8D5A165F8B76EDF84833D970DB8D96 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6baf0000 LB 0x009ae000 C:\Program Files\VirtualBox\VirtualBox.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6e6f0000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 710c0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6e600000 LB 0x000e7000 
C:\Windows\system32\DDRAW.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 72f40000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 77a30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.1738: supR3HardenedDllNotificationCallback: load 760a0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 778c0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 75ef0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll 1478.1738: supR3HardenedDllNotificationCallback: load 74510000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: 
cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6e3d0000 LB 0x00229000 C:\Program Files\VirtualBox\VBoxVMM.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll 1478.1738: supR3HardenedDllNotificationCallback: load 72dc0000 LB 0x00007000 C:\Program Files\VirtualBox\VBoxREM.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6dd00000 LB 0x00274000 C:\Program Files\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6a170000 LB 0x00810000 C:\Program Files\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll 1478.1738: supR3HardenedDllNotificationCallback: load 76130000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll) 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 1478.1738: supR3HardenedDllNotificationCallback: load 71250000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [avoiding WinVerifyTrust] 1478.1738: supR3HardenedDllNotificationCallback: load 761b0000 LB 0x00c4b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardenedDllNotificationCallback: load 72eb0000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv 1478.1738: supR3HardenedDllNotificationCallback: load 72520000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6e300000 LB 0x000c1000 C:\Program Files\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll 1478.1738: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'. 1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [rescheduled] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c02f4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ed0000 'C:\Windows\system32\imm32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6baf0000 'C:\Program Files\VirtualBox\VirtualBox.dll' 1478.1738: SUPR3HardenedMain: Calling TrustedMain (6baf10f0)... 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32\shell32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll' 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005d0 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.1738: supR3HardenedDllNotificationCallback: load 74a50000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a50000 'C:\Windows\system32\uxtheme.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a50000 'C:\Windows\system32\uxtheme.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a50000 'C:\Windows\system32\uxtheme.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\advapi32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f50000 'C:\Windows\system32\userenv.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000614 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 
00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AppSupport-ComPlus~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll 1478.1738: supR3HardenedDllNotificationCallback: load 77040000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77040000 'C:\Windows\system32\CLBCatQ.DLL' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75590000 'C:\Windows\system32\CRYPTSP.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000063c pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll 1478.1738: supR3HardenedDllNotificationCallback: load 75ab0000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ab0000 'C:\Windows\system32\RpcRtRemote.dll' 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'. 
1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll) WinVerifyTrust 1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 
1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000680 pwszName=\Device\HarddiskVolume1\Windows\System32\version.dll 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87F58E3B93CDFEB987BC8B5880D3F0366E3D8203 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\version.dll' 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust 1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000690 pwszName=\Device\HarddiskVolume1\Windows\System32\psapi.dll 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8C4B546A3AFC4BE73BF28FF4C3BEDCA0C703EA7 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\psapi.dll' 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\psapi.dll) WinVerifyTrust 1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\psapi.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.5b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024a558c:C:\Program Files\VirtualBox;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.5b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll 1478.5b0: supR3HardenedDllNotificationCallback: load 6cf70000 LB 0x004f4000 C:\Program Files\VirtualBox\VBoxC.dll [fFlags=0x0] 1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll 1478.5b0: supR3HardenedDllNotificationCallback: load 77a20000 LB 0x00005000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0] 1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll 1478.5b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll 1478.5b0: supR3HardenedDllNotificationCallback: load 75020000 LB 0x00009000 C:\Windows\system32\VERSION.dll [fFlags=0x0] 1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll 1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cf70000 'C:\Program Files\VirtualBox\VBoxC.dll' 1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.5b0: supR3HardenedMonitor_LdrLoadDll: pName=c:\Windows\system32\oleaut32.dll 
(rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5f4c:c:\Windows\system32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'c:\Windows\system32\oleaut32.dll' 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000684 pwszName=\Device\HarddiskVolume1\Windows\System32\sxs.dll 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79CE8A02BDEAE624679BB2A7290B3C61ADC51853 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\sxs.dll' 1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sxs.dll) WinVerifyTrust 1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sxs.dll 1478.5b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.5b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sxs.dll 1478.5b0: supR3HardenedDllNotificationCallback: load 75a40000 LB 0x0005f000 C:\Windows\system32\SXS.DLL [fFlags=0x0] 1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sxs.dll 1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a40000 'C:\Windows\system32\SXS.DLL' 1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll' 1478.1738: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c04d4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.12ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.12ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll) WinVerifyTrust 1478.12ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll 1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll 1478.12ec: supR3HardenedDllNotificationCallback: load 71f20000 LB 0x00006000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [fFlags=0x0] 1478.12ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll 1478.12ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71f20000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxPuelMain.DLL' 1478.1738: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32\shell32.dll' 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\embdtrst.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\embdtrst.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\EmbdTrst.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll 1478.1738: supR3HardenedDllNotificationCallback: load 75aa0000 LB 0x00005000 C:\Windows\system32\EmbdTrst.DLL [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75aa0000 'C:\Windows\system32\EmbdTrst.DLL' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000a94 pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=308EF32EE8A807D1479CBD7E70222AD12B53DBAC 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: 
WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll 1478.1738: supR3HardenedDllNotificationCallback: load 759e0000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759e0000 'C:\Windows\system32\apphelp.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5eac:C:\Windows\system32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77460000 'C:\Windows\system32\MSCTF.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll' 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ac4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFAE9B283A50E4A3D49C9E7E37A89888A2B4A44D 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000acc pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E79947DA232978EB549EB8D34A29D88973B71D91 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02521be4:C:\Windows\system32\wbem;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1478.1738: supR3HardenedDllNotificationCallback: load 72990000 LB 0x0000a000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1478.1738: supR3HardenedDllNotificationCallback: load 70f60000 LB 0x0005c000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72990000 'C:\Windows\system32\wbem\wbemprox.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000af4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3338693857D113001E407F1B201A10C276605B11 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll' 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02521be4:C:\Windows\system32\wbem;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1478.1738: supR3HardenedDllNotificationCallback: load 6fe80000 LB 0x0000f000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fe80000 'C:\Windows\system32\wbem\wbemsvc.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ae8 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: 
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BC82FF6EDA44F553393099F53D4AED926C6283B 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000af8 pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD41341CF1BA6E0043138C5705ABB177F2ED6AAD 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'. 1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust 1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02521be4:C:\Windows\system32\wbem;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1478.1738: supR3HardenedDllNotificationCallback: load 701e0000 LB 0x00096000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll 1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll 1478.1738: supR3HardenedDllNotificationCallback: load 701c0000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=701e0000 'C:\Windows\system32\wbem\fastprox.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [redir] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [redoing WinVerifyTrust] 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000528 
pwszName=\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' 1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.1738: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71250000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.DLL' 1478.12f8: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 
1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys) 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ndis.sys'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netio.sys'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys) 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys) 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys) 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust] 1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys' 1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys' 1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys' 1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ba0 pwszName=\Device\HarddiskVolume1\Windows\System32\netcfgx.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE76D5DBE9352B9FB1F4A2B953AA4EDA6294F66 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\netcfgx.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 
1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'slc.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'nsi.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\netcfgx.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\netcfgx.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bb8 pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAD8C6B06A9984F1082FA7D63E0B3AAABCA210F6 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'. 
1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'slc.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'slc.dll' -> '\Device\HarddiskVolume1\Windows\System32\slc.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\slc.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\slc.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\hal.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'bootvid.dll'. 
1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'kdcom.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'clfs.sys'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ci.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ndis.sys'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msrpc.sys'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008] 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c07a4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32\shell32.dll' 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll' 1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c07a4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\WINMM.dll' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume1\Windows\System32\ci.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ci.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ci.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume1\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clfs.sys) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clfs.sys 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kdcom.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kdcom.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume1\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\PSHED.DLL) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\PSHED.DLL 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\PSHED.DLL 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kdcom.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bd8 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83FA279A149B092654B141C0063E129F0A8FF628 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=c:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5f4c:c:\Windows\system32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 70040000 LB 0x00067000 c:\Windows\system32\netcfgx.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\slc.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 75ac0000 LB 0x0000a000 c:\Windows\system32\slc.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\slc.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1478.12f8: supR3HardenedDllNotificationCallback: load 75ae0000 LB 0x0001c000 c:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 75ad0000 LB 0x00007000 c:\Windows\system32\WINNSI.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70040000 
'c:\Windows\system32\netcfgx.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c045c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77a30000 'C:\Windows\system32\SETUPAPI.dll' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll) 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 752f0000 LB 0x0000e000 C:\Windows\system32\devrtl.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bf4 pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll' 1478.12f8: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c045c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.dll' 1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.1374: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 1478.1374: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.1374: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.1374: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.1374: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll 1478.1374: supR3HardenedDllNotificationCallback: load 71ef0000 LB 0x00009000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 1478.1374: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll 1478.1374: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71ef0000 'C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL' 1478.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1478.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 1478.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll 1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll 1478.14ac: supR3HardenedDllNotificationCallback: load 71cc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 1478.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll 1478.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71cc0000 'C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL' 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'. 
1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 
1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 
1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 6ce70000 LB 0x000f5000 C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 6fa70000 LB 0x00028000 C:\Program Files\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 705a0000 LB 0x00020000 C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ce70000 'C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL' 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=705a0000 'C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll' 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 6e2e0000 LB 0x00018000 C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2e0000 'C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll' 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32/opengl32.dll' 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll: Owner is administrators group. 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ce4 pwszName=\Device\HarddiskVolume1\Windows\System32\atiglpxx.dll 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03769D8751BBC06AB5619759077C96B60ED5A5AE 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atiglpxx.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atiglpxx.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atiglpxx.dll (Input=atiglpxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 71900000 LB 0x00007000 C:\Windows\system32\atiglpxx.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71900000 'C:\Windows\system32\atiglpxx.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: \Device\HarddiskVolume1\Windows\System32\atioglxx.dll: Owner is administrators group. 
1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000cf4 pwszName=\Device\HarddiskVolume1\Windows\System32\atioglxx.dll 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9985F26015F75CEB4B1FFEF19AD43BD3AF321EAF 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atioglxx.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atioglxx.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atioglxx.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atioglxx.dll (Input=atioglxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atioglxx.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 05220000 LB 0x01325000 C:\Windows\system32\atioglxx.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atioglxx.dll 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=008c03e4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74510000 'C:\Windows\system32\dwmapi.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=05220000 'C:\Windows\system32\atioglxx.dll' 1478.9c8: \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll: Owner is administrators group. 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000cfc pwszName=\Device\HarddiskVolume1\Windows\System32\atiadlxx.dll 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C59BE65C08685C3D59A5BF216A68FA08E32B741 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atiadlxx.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'wsock32.dll'. 
1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atiadlxx.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wsock32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wsock32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wsock32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000d00 pwszName=\Device\HarddiskVolume1\Windows\System32\wsock32.dll 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=56BB5C6675EB09C55A32018F501B6713429C47BC 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\wsock32.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wsock32.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wsock32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 6dc20000 LB 0x00062000 C:\Windows\system32\atiadlxx.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wsock32.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 75b00000 LB 0x00007000 C:\Windows\system32\WSOCK32.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wsock32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc20000 'C:\Windows\system32\atiadlxx.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 
'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: \Device\HarddiskVolume1\Windows\System32\atigktxx.dll: Owner is administrators group. 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000d04 pwszName=\Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=56EBCF42541BF6BB9018C654ABAD26EFD910D0F7 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atigktxx.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 
1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'version.dll'. 1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atigktxx.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atigktxx.dll (Input=atigktxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 74aa0000 LB 0x0000b000 C:\Windows\system32\atigktxx.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74aa0000 'C:\Windows\system32\atigktxx.dll' 1478.9c8: \Device\HarddiskVolume1\Windows\System32\aticfx32.dll: Owner is administrators group. 1478.9c8: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Windows\System32\aticfx32.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000d08 pwszName=\Device\HarddiskVolume1\Windows\System32\aticfx32.dll 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ECEEF84C8C9EF7243B7B94EB76F26F52D85109D1 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\aticfx32.dll' 1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING) 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 
1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\aticfx32.dll) WinVerifyTrust 1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\aticfx32.dll 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aticfx32.dll (Input=aticfx32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\aticfx32.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 6ef00000 LB 0x000e6000 C:\Windows\system32\aticfx32.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\aticfx32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ef00000 'C:\Windows\system32\aticfx32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedDllNotificationCallback: Unload 74aa0000 LB 0x0000b000 C:\Windows\system32\atigktxx.dll [flags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atigktxx.dll (Input=atigktxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardenedDllNotificationCallback: load 714a0000 LB 0x0000b000 C:\Windows\system32\atigktxx.dll [fFlags=0x0] 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=714a0000 'C:\Windows\system32\atigktxx.dll' 1478.9c8: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\aticfx32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aticfx32.dll (Input=aticfx32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ef00000 'C:\Windows\system32\aticfx32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll' 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.DLL' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\perf.dll': 0 (NtPath=\??\C:\Windows\system32\perf.dll; Input=perf.dll; rcNtGetDll=0xc0000135 1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\perf.dll (Input=perf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\perf.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll 1478.9c8: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll' 1478.92c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.92c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1478.92c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.92c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 1478.92c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll 1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.92c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll 1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.92c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.92c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll 1478.92c: supR3HardenedDllNotificationCallback: load 710b0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 1478.92c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll 1478.92c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=710b0000 'C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL' 1478.151c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.151c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1478.151c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.151c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 1478.151c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll 1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 
1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.151c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.151c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll 1478.151c: supR3HardenedDllNotificationCallback: load 70ff0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 1478.151c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll 1478.151c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70ff0000 'C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32/Shell32.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: 
returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d40000 'C:\Windows\system32\profapi.dll' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6ee90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ee90000 'C:\Program 
Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL' 1478.12f8: supR3HardenedDllNotificationCallback: Unload 6ee90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [flags=0x0] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxREM64.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6a020000 LB 0x0014c000 C:\Program Files\VirtualBox\VBoxREM64.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6a020000 'C:\Program Files\VirtualBox\VBoxREM64.DLL' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume1\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e90 pwszName=\Device\HarddiskVolume1\Windows\System32\newdev.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A76062289DF8B2E5D6ADEB5E71265D9C24321CC3 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\newdev.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'. 
1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\newdev.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\newdev.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume1\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 68d10000 LB 0x00864000 C:\Program Files\VirtualBox\VBoxDD.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6e1e0000 LB 0x0004f000 C:\Program Files\VirtualBox\VBoxDDU.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 72690000 LB 0x0004f000 C:\Windows\system32\newdev.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 
6dcc0000 LB 0x00032000 C:\Program Files\VirtualBox\VBoxDD2.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68d10000 'C:\Program Files\VirtualBox/VBoxDD.DLL' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6dc90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc90000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL' 1478.dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cf70000 'C:\Program Files\VirtualBox/VBoxC.DLL' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dcc0000 'C:\Program Files\VirtualBox/VBoxDD2.DLL' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6eea0000 LB 0x00015000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6eea0000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxEhciR3.DLL' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 70590000 LB 0x0000f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program 
Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70590000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbCardReaderR3.DLL' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 70550000 LB 0x00010000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70550000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbWebcamR3.DLL' 1478.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1478.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1478.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 1478.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll 1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll 1478.f64: supR3HardenedDllNotificationCallback: load 6fce0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 1478.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll 1478.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fce0000 'C:\Program Files\VirtualBox\VBoxSharedFolders.DLL' 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6e140000 LB 0x00093000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e140000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VDPluginCrypt.DLL' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f3c pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21B33CF8A06799AF36E2D0016F2A5AC0D97B1C05 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import 
todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f48 pwszName=\Device\HarddiskVolume1\Windows\System32\powrprof.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7DE33595D32B0157063D86824D96D15D1D9B85F8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\powrprof.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 
1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 6cdf0000 LB 0x00072000 C:\Windows\system32\dsound.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 71c90000 LB 0x00025000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cdf0000 'C:\Windows\system32\dsound.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cdf0000 'C:\Windows\system32/dsound.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f6c 
pwszName=\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A16340019E7F842E4BF56032BF9419CEB94E308 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f50 pwszName=\Device\HarddiskVolume1\Windows\System32\propsys.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39F69E4150BBCFAB9B7D272CB7F7566E77AF0F26 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\propsys.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5fec:C:\Windows\System32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 74530000 LB 0x00039000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 74930000 LB 0x000f5000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74530000 'C:\Windows\System32\MMDevApi.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77a30000 'C:\Windows\system32\SETUPAPI.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=77f00000 'C:\Windows\system32\SHLWAPI.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74530000 'C:\Windows\system32\MMDEVAPI.DLL' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77260000 'C:\Windows\system32\RPCRT4.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74530000 'C:\Windows\system32\MMDevAPI.DLL' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f98 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4254EC416559B4A64F5A9B6B15BF9ABA3A523A8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ksuser.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mmdevapi.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'avrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f68 pwszName=\Device\HarddiskVolume1\Windows\System32\avrt.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DE9938619CA34D8AB667314479368251A80309D 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\avrt.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fa8 pwszName=\Device\HarddiskVolume1\Windows\System32\ksuser.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27461195FDA1028613EB103E644A96D64E32EC75 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ksuser.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedDllNotificationCallback: load 724f0000 LB 0x00030000 C:\Windows\system32\wdmaud.drv [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 718f0000 LB 0x00004000 C:\Windows\system32\ksuser.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll 1478.12f8: 
supR3HardenedDllNotificationCallback: load 724d0000 LB 0x00007000 C:\Windows\system32\AVRT.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fac pwszName=\Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=29EB271C656F27DF10164B84692A17D171E07B18 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_153_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\AudioSes.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 73300000 LB 0x00036000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73300000 'C:\Windows\system32\AUDIOSES.DLL' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 
1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fcc pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A5713EF7E40CCD29B21B2EB6B66D2F9430B21CEA 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fe0 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=89F1B652F75B0ADD8E12409835E5A467A4A5132A 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedDllNotificationCallback: load 72590000 LB 0x00008000 C:\Windows\system32\msacm32.drv [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 71f70000 LB 0x00014000 C:\Windows\system32\MSACM32.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 
'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fd8 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5036FF0D7DA44D9D1865A8199BB777EB13FF84EE 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll' 1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. 1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust 1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardenedDllNotificationCallback: load 72580000 LB 0x00007000 C:\Windows\system32\midimap.dll [fFlags=0x0] 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program 
Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 
'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5fec:C:\Windows\System32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cdf0000 'C:\Windows\System32\dsound.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll 1478.de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5fec:C:\Windows\System32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling] 1478.de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73300000 'C:\Windows\System32\audioses.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll' 1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e904:C:\Program 
Files\VirtualBox;C:\Windows\system32 [calling]
1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32/kernel32.dll'
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000b20 pwszName=\Device\HarddiskVolume1\Windows\System32\mscms.dll
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256eb5c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.DLL'
1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0256eb5c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\CRYPT32.dll'
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F71A76E21B72F2699E1D2DFFD9B5F7E0901418C
1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Embedded-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\mscms.dll'
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mscms.dll) WinVerifyTrust
1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mscms.dll
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mscms.dll
1478.1738: supR3HardenedDllNotificationCallback: load 71030000 LB 0x00079000 C:\Windows\system32\mscms.dll [fFlags=0x0]
1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mscms.dll
1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71030000 'C:\Windows\system32\mscms.dll'
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000113c pwszName=\Device\HarddiskVolume1\Windows\System32\icm32.dll
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F1E50BC8E3F6E3FC4EF4F36F1F082B464110CD9
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Embedded-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\icm32.dll'
1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\icm32.dll) WinVerifyTrust
1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\icm32.dll
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume1\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mscms.dll
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\icm32.dll
1478.1738: supR3HardenedDllNotificationCallback: load 6cc90000 LB 0x00038000 C:\Windows\system32\icm32.dll [fFlags=0x0]
1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\icm32.dll
1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cc90000 'C:\Windows\system32\icm32.dll'
1478.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
1478.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1478.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724d0000 'C:\Windows\system32\avrt.dll'
1478.f64: supR3HardenedDllNotificationCallback: Unload 6fce0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
1478.151c: supR3HardenedDllNotificationCallback: Unload 70ff0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
1478.92c: supR3HardenedDllNotificationCallback: Unload 710b0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
1478.9c8: supR3HardenedDllNotificationCallback: Unload 6e2e0000 LB 0x00018000 C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll [flags=0x0]
1478.9c8: supR3HardenedDllNotificationCallback: Unload 6ce70000 LB 0x000f5000 C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL [flags=0x0]
1478.9c8: supR3HardenedDllNotificationCallback: Unload 705a0000 LB 0x00020000 C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll [flags=0x0]
1478.9c8: supR3HardenedDllNotificationCallback: Unload 6fa70000 LB 0x00028000 C:\Program Files\VirtualBox\VBoxOGLhostcrutil.dll [flags=0x0]
1478.14ac: supR3HardenedDllNotificationCallback: Unload 71cc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
1478.1374: supR3HardenedDllNotificationCallback: Unload 71ef0000 LB 0x00009000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 70550000 LB 0x00010000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.DLL [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 70590000 LB 0x0000f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.DLL [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 6eea0000 LB 0x00015000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.DLL [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 6dc90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 68d10000 LB 0x00864000 C:\Program Files\VirtualBox\VBoxDD.DLL [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 6dcc0000 LB 0x00032000 C:\Program Files\VirtualBox\VBoxDD2.dll [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 6e1e0000 LB 0x0004f000 C:\Program Files\VirtualBox\VBoxDDU.dll [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 72690000 LB 0x0004f000 C:\Windows\system32\newdev.dll [flags=0x0]
1478.12f8: supR3HardenedDllNotificationCallback: Unload 6a020000 LB 0x0014c000 C:\Program Files\VirtualBox\VBoxREM64.DLL [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 71f20000 LB 0x00006000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 70040000 LB 0x00067000 c:\Windows\system32\netcfgx.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 75ae0000 LB 0x0001c000 c:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 75ad0000 LB 0x00007000 c:\Windows\system32\WINNSI.DLL [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 75ac0000 LB 0x0000a000 c:\Windows\system32\slc.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 701e0000 LB 0x00096000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 701c0000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 6fe80000 LB 0x0000f000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 72990000 LB 0x0000a000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 70f60000 LB 0x0005c000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
1478.1738: supR3HardenedDllNotificationCallback: Unload 6cf70000 LB 0x004f4000 C:\Program Files\VirtualBox\VBoxC.dll [flags=0x0]
1478.1738: Terminating the normal way: rcExit=0
d64.1424: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 262063 ms, the end);
13fc.f84: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 262537 ms, the end);