7c4.4f0: Log file opened: 5.0.32r112930 g_hStartupLog=00000010 g_uNtVerCombined=0x611db110 7c4.4f0: \SystemRoot\System32\ntdll.dll: 7c4.4f0: CreationTime: 2015-11-25T03:56:08.766844500Z 7c4.4f0: LastWriteTime: 2015-10-20T00:48:47.299796500Z 7c4.4f0: ChangeTime: 2015-11-25T14:23:06.915189800Z 7c4.4f0: FileAttributes: 0x20 7c4.4f0: Size: 0x13f600 7c4.4f0: NT Headers: 0xd0 7c4.4f0: Timestamp: 0x56258dbb 7c4.4f0: Machine: 0x14c - i386 7c4.4f0: Timestamp: 0x56258dbb 7c4.4f0: Image Version: 6.1 7c4.4f0: SizeOfImage: 0x141000 (1314816) 7c4.4f0: Resource Dir: 0xe1000 LB 0x5a028 7c4.4f0: ProductName: Microsoft® Windows® Operating System 7c4.4f0: ProductVersion: 6.1.7601.19045 7c4.4f0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 7c4.4f0: FileDescription: NT Layer DLL 7c4.4f0: \SystemRoot\System32\kernel32.dll: 7c4.4f0: CreationTime: 2015-11-25T03:47:39.091233200Z 7c4.4f0: LastWriteTime: 2015-05-09T03:13:42.222000000Z 7c4.4f0: ChangeTime: 2015-11-25T14:22:41.419358400Z 7c4.4f0: FileAttributes: 0x20 7c4.4f0: Size: 0xd4000 7c4.4f0: NT Headers: 0xf0 7c4.4f0: Timestamp: 0x554d7aff 7c4.4f0: Machine: 0x14c - i386 7c4.4f0: Timestamp: 0x554d7aff 7c4.4f0: Image Version: 6.1 7c4.4f0: SizeOfImage: 0xd4000 (868352) 7c4.4f0: Resource Dir: 0xc7000 LB 0x528 7c4.4f0: ProductName: Microsoft® Windows® Operating System 7c4.4f0: ProductVersion: 6.1.7601.18847 7c4.4f0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 7c4.4f0: FileDescription: Windows NT BASE API Client DLL 7c4.4f0: \SystemRoot\System32\KernelBase.dll: 7c4.4f0: CreationTime: 2015-11-25T03:47:38.995193500Z 7c4.4f0: LastWriteTime: 2015-05-09T03:13:42.222000000Z 7c4.4f0: ChangeTime: 2015-11-25T14:22:41.523968400Z 7c4.4f0: FileAttributes: 0x20 7c4.4f0: Size: 0x47a00 7c4.4f0: NT Headers: 0xe0 7c4.4f0: Timestamp: 0x554d7b00 7c4.4f0: Machine: 0x14c - i386 7c4.4f0: Timestamp: 0x554d7b00 7c4.4f0: Image Version: 6.1 7c4.4f0: SizeOfImage: 0x4b000 (307200) 7c4.4f0: Resource Dir: 0x47000 LB 0x530 7c4.4f0: ProductName: Microsoft® Windows® Operating System 7c4.4f0: ProductVersion: 6.1.7601.18847 7c4.4f0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 7c4.4f0: FileDescription: Windows NT BASE API Client DLL 7c4.4f0: \SystemRoot\System32\apisetschema.dll: 7c4.4f0: CreationTime: 2015-11-25T03:56:08.127808000Z 7c4.4f0: LastWriteTime: 2015-10-20T00:35:03.776000000Z 7c4.4f0: ChangeTime: 2015-11-25T14:23:06.911047000Z 7c4.4f0: FileAttributes: 0x20 7c4.4f0: Size: 0x1a00 7c4.4f0: NT Headers: 0xc0 7c4.4f0: Timestamp: 0x56258c72 7c4.4f0: Machine: 0x14c - i386 7c4.4f0: Timestamp: 0x56258c72 7c4.4f0: Image Version: 6.1 7c4.4f0: SizeOfImage: 0x50000 (327680) 7c4.4f0: Resource Dir: 0x30000 LB 0x3f8 7c4.4f0: ProductName: Microsoft® Windows® Operating System 7c4.4f0: ProductVersion: 6.1.7601.19045 7c4.4f0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 7c4.4f0: FileDescription: ApiSet Schema DLL 7c4.4f0: supR3HardenedWinFindAdversaries: 0x0 7c4.4f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 7c4.4f0: Calling main() 7c4.4f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 7c4.4f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 7c4.4f0: SUPR3HardenedMain: Respawn #1 7c4.4f0: System32: \Device\HarddiskVolume2\Windows\System32 7c4.4f0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 7c4.4f0: KnownDllPath: C:\Windows\system32 7c4.4f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 7c4.4f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 7c4.4f0: supR3HardNtEnableThreadCreation: 7c4.4f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0 7c4.4f0: supR3HardenedWinDoReSpawn(1): New child 7dc.934 [kernel32]. 7c4.4f0: supR3HardNtChildGatherData: PebBaseAddress=7ffda000 cbPeb=0x248 7c4.4f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77510000 uNtDllChildAddr=77510000 7c4.4f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=77573911 7c4.4f0: supR3HardenedWinSetupChildInit: Start child. 7c4.4f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 7c4.4f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 7c4.4f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 7c4.4f0: *00000000-fffeffff 0x0001/0x0000 0x0000000 7c4.4f0: *00010000-fffeffff 0x0004/0x0004 0x0020000 7c4.4f0: *00030000-0002bfff 0x0002/0x0002 0x0040000 7c4.4f0: 00034000-00027fff 0x0001/0x0000 0x0000000 7c4.4f0: *00040000-0003efff 0x0004/0x0004 0x0020000 7c4.4f0: 00041000-00021fff 0x0001/0x0000 0x0000000 7c4.4f0: *00060000-fff62fff 0x0000/0x0004 0x0020000 7c4.4f0: 0015d000-0015bfff 0x0104/0x0004 0x0020000 7c4.4f0: 0015e000-0015bfff 0x0004/0x0004 0x0020000 7c4.4f0: 00160000-ff81ffff 0x0001/0x0000 0x0000000 7c4.4f0: *00aa0000-00aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00aa1000-00b05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b06000-00b06fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b07000-00b40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b41000-00b41fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b42000-00b42fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b43000-00b43fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b44000-00b44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b45000-00b49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b4a000-00b4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b4d000-00b90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7c4.4f0: 00b91000-8a211fff 0x0001/0x0000 0x0000000 7c4.4f0: *77510000-77510fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7c4.4f0: 77511000-775e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7c4.4f0: 775e8000-775edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7c4.4f0: 775ee000-775eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7c4.4f0: 775ef000-775f0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7c4.4f0: 775f1000-77650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7c4.4f0: 77651000-77531fff 0x0001/0x0000 0x0000000 7c4.4f0: *77770000-77770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 7c4.4f0: 77771000-6ef31fff 0x0001/0x0000 0x0000000 7c4.4f0: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000 7c4.4f0: 7ffd3000-7ffcbfff 0x0001/0x0000 0x0000000 7c4.4f0: *7ffda000-7ffd8fff 0x0004/0x0004 0x0020000 7c4.4f0: 7ffdb000-7ffd6fff 0x0001/0x0000 0x0000000 7c4.4f0: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000 7c4.4f0: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 7c4.4f0: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 7c4.4f0: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS) 7c4.4f0: VirtualBox.exe: timestamp 0x587d2ace (rc=VINF_SUCCESS) 7c4.4f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 7c4.4f0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 7c4.4f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 7c4.4f0: supR3HardNtChildPurify: Done after 296 ms and 0 fixes (loop #0). 7c4.4f0: supR3HardNtEnableThreadCreation: 7dc.934: Log file opened: 5.0.32r112930 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100 7dc.934: supR3HardenedVmProcessInit: uNtDllAddr=77510000 g_uNtVerCombined=0x611db100 7dc.934: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS) 7dc.934: New simple heap: #1 00260000 LB 0x400000 (for 1314816 allocation) 7dc.934: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 7dc.934: System32: \Device\HarddiskVolume2\Windows\System32 7dc.934: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 7dc.934: KnownDllPath: C:\Windows\system32 7dc.934: supR3HardenedVmProcessInit: Opening vboxdrv stub... 7dc.934: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 7dc.934: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 7dc.934: Registered Dll notification callback with NTDLL. 7dc.934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 7dc.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 7dc.934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 7dc.934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 7dc.934: supR3HardenedDllNotificationCallback: load 758e0000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 7dc.934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 7dc.934: supR3HardenedDllNotificationCallback: load 75510000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 7dc.934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 7dc.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 7dc.934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll' 7dc.934: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0 7dc.934: \SystemRoot\System32\ntdll.dll: 7c4.4f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 312 ms. 7dc.934: CreationTime: 2015-11-25T03:56:08.766844500Z 7dc.934: LastWriteTime: 2015-10-20T00:48:47.299796500Z 7dc.934: ChangeTime: 2015-11-25T14:23:06.915189800Z 7dc.934: FileAttributes: 0x20 7dc.934: Size: 0x13f600 7dc.934: NT Headers: 0xd0 7dc.934: Timestamp: 0x56258dbb 7dc.934: Machine: 0x14c - i386 7dc.934: Timestamp: 0x56258dbb 7dc.934: Image Version: 6.1 7dc.934: SizeOfImage: 0x141000 (1314816) 7dc.934: Resource Dir: 0xe1000 LB 0x5a028 7dc.934: ProductName: Microsoft® Windows® Operating System 7dc.934: ProductVersion: 6.1.7601.19045 7dc.934: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 7dc.934: FileDescription: NT Layer DLL 7dc.934: \SystemRoot\System32\kernel32.dll: 7dc.934: CreationTime: 2015-11-25T03:47:39.091233200Z 7dc.934: LastWriteTime: 2015-05-09T03:13:42.222000000Z 7dc.934: ChangeTime: 2015-11-25T14:22:41.419358400Z 7dc.934: FileAttributes: 0x20 7dc.934: Size: 0xd4000 7dc.934: NT Headers: 0xf0 7dc.934: Timestamp: 0x554d7aff 7dc.934: Machine: 0x14c - i386 7dc.934: Timestamp: 0x554d7aff 7dc.934: Image Version: 6.1 7dc.934: SizeOfImage: 0xd4000 (868352) 7dc.934: Resource Dir: 0xc7000 LB 0x528 7dc.934: ProductName: Microsoft® Windows® Operating System 7dc.934: ProductVersion: 6.1.7601.18847 7dc.934: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 7dc.934: FileDescription: Windows NT BASE API Client DLL 7dc.934: \SystemRoot\System32\KernelBase.dll: 7dc.934: CreationTime: 2015-11-25T03:47:38.995193500Z 7dc.934: LastWriteTime: 2015-05-09T03:13:42.222000000Z 7dc.934: ChangeTime: 2015-11-25T14:22:41.523968400Z 7dc.934: FileAttributes: 0x20 7dc.934: Size: 0x47a00 7dc.934: NT Headers: 0xe0 7dc.934: Timestamp: 0x554d7b00 7dc.934: Machine: 0x14c - i386 7dc.934: Timestamp: 0x554d7b00 7dc.934: Image Version: 6.1 7dc.934: SizeOfImage: 0x4b000 (307200) 7dc.934: Resource Dir: 0x47000 LB 0x530 7dc.934: ProductName: Microsoft® Windows® Operating System 7dc.934: ProductVersion: 6.1.7601.18847 7dc.934: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) 7dc.934: FileDescription: Windows NT BASE API Client DLL 7dc.934: \SystemRoot\System32\apisetschema.dll: 7dc.934: CreationTime: 2015-11-25T03:56:08.127808000Z 7dc.934: LastWriteTime: 2015-10-20T00:35:03.776000000Z 7dc.934: ChangeTime: 2015-11-25T14:23:06.911047000Z 7dc.934: FileAttributes: 0x20 7dc.934: Size: 0x1a00 7dc.934: NT Headers: 0xc0 7dc.934: Timestamp: 0x56258c72 7dc.934: Machine: 0x14c - i386 7dc.934: Timestamp: 0x56258c72 7dc.934: Image Version: 6.1 7dc.934: SizeOfImage: 0x50000 (327680) 7dc.934: Resource Dir: 0x30000 LB 0x3f8 7dc.934: ProductName: Microsoft® Windows® Operating System 7dc.934: ProductVersion: 6.1.7601.19045 7dc.934: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) 7dc.934: FileDescription: ApiSet Schema DLL 7dc.934: supR3HardenedWinFindAdversaries: 0x0 7dc.934: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 7dc.934: Calling main() 7dc.934: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 7dc.934: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 7dc.934: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 7dc.934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 7dc.934: SUPR3HardenedMain: Respawn #2 7dc.934: supR3HardNtEnableThreadCreation: 7dc.934: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 7dc.934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 7dc.934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 7dc.934: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 7dc.934: supR3HardenedDllNotificationCallback: load 75380000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 7dc.934: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 7dc.934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75380000 'C:\Windows\system32\apphelp.dll' 7dc.934: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0 7dc.934: supR3HardenedWinDoReSpawn(2): New child cdc.ce0 [kernel32]. 7dc.934: supR3HardNtChildGatherData: PebBaseAddress=7ffd9000 cbPeb=0x248 7dc.934: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77510000 uNtDllChildAddr=77510000 7dc.934: supR3HardenedWinSetupChildInit: uLdrInitThunk=77573911 7dc.934: supR3HardenedWinSetupChildInit: Start child. 7dc.934: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 7dc.934: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 7dc.934: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 7dc.934: *00000000-fffeffff 0x0001/0x0000 0x0000000 7dc.934: *00010000-fffeffff 0x0004/0x0004 0x0020000 7dc.934: *00030000-0002bfff 0x0002/0x0002 0x0040000 7dc.934: 00034000-00027fff 0x0001/0x0000 0x0000000 7dc.934: *00040000-0003efff 0x0004/0x0004 0x0020000 7dc.934: 00041000-ffee1fff 0x0001/0x0000 0x0000000 7dc.934: *001a0000-000a2fff 0x0000/0x0004 0x0020000 7dc.934: 0029d000-0029bfff 0x0104/0x0004 0x0020000 7dc.934: 0029e000-0029bfff 0x0004/0x0004 0x0020000 7dc.934: 002a0000-ffa9ffff 0x0001/0x0000 0x0000000 7dc.934: *00aa0000-00aa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00aa1000-00b05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b06000-00b06fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b07000-00b40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b41000-00b41fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b42000-00b42fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b43000-00b43fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b44000-00b44fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b45000-00b49fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b4a000-00b4cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b4d000-00b90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 7dc.934: 00b91000-8a211fff 0x0001/0x0000 0x0000000 7dc.934: *77510000-77510fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7dc.934: 77511000-775e7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7dc.934: 775e8000-775edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7dc.934: 775ee000-775eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7dc.934: 775ef000-775f0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7dc.934: 775f1000-77650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 7dc.934: 77651000-77531fff 0x0001/0x0000 0x0000000 7dc.934: *77770000-77770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 7dc.934: 77771000-6ef31fff 0x0001/0x0000 0x0000000 7dc.934: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000 7dc.934: 7ffd3000-7ffccfff 0x0001/0x0000 0x0000000 7dc.934: *7ffd9000-7ffd7fff 0x0004/0x0004 0x0020000 7dc.934: 7ffda000-7ffd4fff 0x0001/0x0000 0x0000000 7dc.934: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000 7dc.934: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 7dc.934: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 7dc.934: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS) 7dc.934: VirtualBox.exe: timestamp 0x587d2ace (rc=VINF_SUCCESS) 7dc.934: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 7dc.934: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 7dc.934: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 7dc.934: supR3HardNtChildPurify: Done after 296 ms and 0 fixes (loop #0). 7dc.934: supR3HardenedEarlyCompact: Removed heap 1 (0x260000 LB 0x400000) cdc.ce0: Log file opened: 5.0.32r112930 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100 cdc.ce0: supR3HardenedVmProcessInit: uNtDllAddr=77510000 g_uNtVerCombined=0x611db100 7dc.934: supR3HardNtEnableThreadCreation: cdc.ce0: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS) cdc.ce0: New simple heap: #1 002a0000 LB 0x400000 (for 1314816 allocation) cdc.ce0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' cdc.ce0: System32: \Device\HarddiskVolume2\Windows\System32 cdc.ce0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs cdc.ce0: KnownDllPath: C:\Windows\system32 cdc.ce0: supR3HardenedVmProcessInit: Opening vboxdrv... cdc.ce0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... cdc.ce0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... cdc.ce0: Registered Dll notification callback with NTDLL. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 758e0000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75510000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll' cdc.ce0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77573911 pvNtTerminateThread=775569c0 cdc.ce0: \SystemRoot\System32\ntdll.dll: cdc.ce0: CreationTime: 2015-11-25T03:56:08.766844500Z cdc.ce0: LastWriteTime: 2015-10-20T00:48:47.299796500Z cdc.ce0: ChangeTime: 2015-11-25T14:23:06.915189800Z cdc.ce0: FileAttributes: 0x20 cdc.ce0: Size: 0x13f600 7dc.934: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms. cdc.ce0: NT Headers: 0xd0 cdc.ce0: Timestamp: 0x56258dbb cdc.ce0: Machine: 0x14c - i386 cdc.ce0: Timestamp: 0x56258dbb cdc.ce0: Image Version: 6.1 cdc.ce0: SizeOfImage: 0x141000 (1314816) cdc.ce0: Resource Dir: 0xe1000 LB 0x5a028 cdc.ce0: ProductName: Microsoft® Windows® Operating System cdc.ce0: ProductVersion: 6.1.7601.19045 cdc.ce0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) cdc.ce0: FileDescription: NT Layer DLL cdc.ce0: \SystemRoot\System32\kernel32.dll: cdc.ce0: CreationTime: 2015-11-25T03:47:39.091233200Z cdc.ce0: LastWriteTime: 2015-05-09T03:13:42.222000000Z cdc.ce0: ChangeTime: 2015-11-25T14:22:41.419358400Z cdc.ce0: FileAttributes: 0x20 cdc.ce0: Size: 0xd4000 cdc.ce0: NT Headers: 0xf0 cdc.ce0: Timestamp: 0x554d7aff cdc.ce0: Machine: 0x14c - i386 cdc.ce0: Timestamp: 0x554d7aff cdc.ce0: Image Version: 6.1 cdc.ce0: SizeOfImage: 0xd4000 (868352) cdc.ce0: Resource Dir: 0xc7000 LB 0x528 cdc.ce0: ProductName: Microsoft® Windows® Operating System cdc.ce0: ProductVersion: 6.1.7601.18847 cdc.ce0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) cdc.ce0: FileDescription: Windows NT BASE API Client DLL cdc.ce0: \SystemRoot\System32\KernelBase.dll: cdc.ce0: CreationTime: 2015-11-25T03:47:38.995193500Z cdc.ce0: LastWriteTime: 2015-05-09T03:13:42.222000000Z cdc.ce0: ChangeTime: 2015-11-25T14:22:41.523968400Z cdc.ce0: FileAttributes: 0x20 cdc.ce0: Size: 0x47a00 cdc.ce0: NT Headers: 0xe0 cdc.ce0: Timestamp: 0x554d7b00 cdc.ce0: Machine: 0x14c - i386 cdc.ce0: Timestamp: 0x554d7b00 cdc.ce0: Image Version: 6.1 cdc.ce0: SizeOfImage: 0x4b000 (307200) cdc.ce0: Resource Dir: 0x47000 LB 0x530 cdc.ce0: ProductName: Microsoft® Windows® Operating System cdc.ce0: ProductVersion: 6.1.7601.18847 cdc.ce0: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512) cdc.ce0: FileDescription: Windows NT BASE API Client DLL cdc.ce0: \SystemRoot\System32\apisetschema.dll: cdc.ce0: CreationTime: 2015-11-25T03:56:08.127808000Z cdc.ce0: LastWriteTime: 2015-10-20T00:35:03.776000000Z cdc.ce0: ChangeTime: 2015-11-25T14:23:06.911047000Z cdc.ce0: FileAttributes: 0x20 cdc.ce0: Size: 0x1a00 cdc.ce0: NT Headers: 0xc0 cdc.ce0: Timestamp: 0x56258c72 cdc.ce0: Machine: 0x14c - i386 cdc.ce0: Timestamp: 0x56258c72 cdc.ce0: Image Version: 6.1 cdc.ce0: SizeOfImage: 0x50000 (327680) cdc.ce0: Resource Dir: 0x30000 LB 0x3f8 cdc.ce0: ProductName: Microsoft® Windows® Operating System cdc.ce0: ProductVersion: 6.1.7601.19045 cdc.ce0: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254) cdc.ce0: FileDescription: ApiSet Schema DLL cdc.ce0: supR3HardenedWinFindAdversaries: 0x0 cdc.ce0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' cdc.ce0: Calling main() cdc.ce0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 cdc.ce0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' cdc.ce0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) cdc.ce0: SUPR3HardenedMain: Final process, opening VBoxDrv... cdc.ce0: supR3HardenedEarlyCompact: Removed heap 1 (0x2a0000 LB 0x400000) cdc.ce0: supR3HardNtEnableThreadCreation: cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e2cbc:C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 6bd10000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bd10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bd10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bd10000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e2cbc:C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75560000 LB 0x0002f000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 76d40000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 755b0000 LB 0x00121000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 754e0000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 76e00000 LB 0x000a2000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\Wintrust.dll' cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e2cbc:C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75000000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\bcrypt.dll' cdc.ce0: bcrypt.dll loaded at 75000000, BCryptOpenAlgorithmProvider at 75002cda, preloading providers: cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 74bd0000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 77170000 LB 0x000a1000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 77660000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74bd0000 'C:\Windows\system32\bcryptprimitives.dll' cdc.ce0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=008009b0) cdc.ce0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=008010c0) cdc.ce0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00801e18) cdc.ce0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00800908) cdc.ce0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00801f68) cdc.ce0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00802008) cdc.ce0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00801eb8) cdc.ce0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00802178) cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 74ef0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ef0000 'C:\Windows\system32\CRYPTSP.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 74c90000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74c90000 'C:\Windows\system32\rsaenh.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll' cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75400000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75400000 'C:\Windows\system32\CRYPTBASE.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\WINTRUST.DLL' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=755b0000 'C:\Windows\system32\CRYPT32.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'advapi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 76d10000 LB 0x0002b000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76d10000 'C:\Windows\system32\imagehlp.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ef0000 'C:\Windows\system32\CRYPTSP.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 77680000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 77420000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75ed0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 77470000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77420000 'C:\Windows\system32\gdi32.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 76040000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75810000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76040000 'C:\Windows\system32\IMM32.DLL' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\USER32.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75020000 LB 0x00039000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75020000 'C:\Windows\system32\ncrypt.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\bcrypt.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 75700000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 754f0000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75700000 'C:\Windows\system32\USERENV.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 74ad0000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ad0000 'C:\Windows\system32\GPAPI.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-Management-L1-1-0.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e00000 'C:\Windows\system32\rpcrt4.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-Management-L2-1-0.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 718b0000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 76070000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718b0000 'C:\Windows\system32\cryptnet.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=754f0000 'C:\Windows\system32\profapi.dll' cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 77220000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77220000 'C:\Windows\system32\SHLWAPI.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: New context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4DF452093FDAA7DA713F106AEAB7D31AAA8BD52 cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-Management-L1-1-0.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll' cdc.ce0: g_pfnWinVerifyTrust=7556273a cdc.ce0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B3332A3BF9E00E9C36DC9749A20DEA999CEBDE77 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' cdc.ce0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FD7D98679ED68B7C258E60C35F3BA425D140B9 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_39_for_KB3040272~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000378 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000036c pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000368 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D8B40354DD1B3F6FAF80893807AE138984C3EB cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_39_for_KB3040272~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000254 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9A4C90615FC5B5674208A5401C018FEA2A04A4B cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D56F0B10DF0BBC071EC3118E6BF4B9C85E433C99 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21CC868DE3508F5C6F6D348B324C1E8AB2969CC6 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3033889~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43A12765C9BE008AD8F89DD9D8ADE42781F3CECF cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2957509~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B69BB5E518E30563D5F105F9F5A9A0774CF902E cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F22A2FC845420DBD44B017133D50DFF33EE6D03F cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3069392~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46D722AD9F66278A8EBC0D192855961CE6A21050 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59F877FD4F27652A01B1936874AFAF3A55572A8 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=685A12871B04F122C1C6F2AA1E429C19211FCD8F cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFE6B29BE955FB2D869F3B57909DF90693FBBCEB cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_57_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27AAFBF501C7D0BDB48FEA759DB4257783E5749A cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9B5837102D5550DADB15CDBE6874779C095378D cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3080149~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50B466D5DDEDD2D1A524F20B8873F187B62AA69F cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2654428~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75EC13F04473FD191A7C44AD9A7C2B28A625D383 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=992AF4E9EBEC265515EC875F6F2F14055D1D491D cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=84623A9DB7C87F822F9F509ECBD6D4DC753E6405 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082fe9c:C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=755b0000 'C:\Windows\system32\crypt32.dll' cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority cdc.ce0: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA cdc.ce0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=24 cdc.ce0: SUPR3HardenedMain: Load Runtime... cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6ada0000 LB 0x0040c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6ace0000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6ac70000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 759c0000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 76df0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007e3354:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\BC45\BIN [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ada0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082fedc:C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\Wintrust.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082fedc:C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=755b0000 'C:\Windows\system32\crypt32.dll' cdc.ce0: SUPR3HardenedMain: Load TrustedMain... cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtcorevbox4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtguivbox4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000478 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000458 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCE31FDB944BBD2B4E378704B95BEA36085E5ADA cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3020338~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAF1DA7C8C4B3B49A52A2B8999865DEDC4F50EC6 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000494 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0E9506F317BDB184E9D79C726FEC46DD5C742F cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3080446~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000047c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000498 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=16BBD8EF93DEB2283AA2548BAF76579D798DC50D cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3078667~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0121BFD26E8D5A165F8B76EDF84833D970DB8D96 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 69ac0000 LB 0x00817000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6aba0000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6bce0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6aab0000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6bcd0000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 77280000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 75720000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 75a00000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 75ee0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 75750000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 738c0000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6a890000 LB 0x00218000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6bcc0000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6a610000 LB 0x00274000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 692b0000 LB 0x00810000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 770f0000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll) cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 69220000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [avoiding WinVerifyTrust] cdc.ce0: supR3HardenedDllNotificationCallback: load 760c0000 LB 0x00c4b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 70bc0000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv cdc.ce0: supR3HardenedDllNotificationCallback: load 71260000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 69150000 LB 0x000c1000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll cdc.ce0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [rescheduled] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008229bc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76040000 'C:\Windows\system32\imm32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69ac0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' cdc.ce0: SUPR3HardenedMain: Calling TrustedMain (69ac1040)... cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70bc0000 'C:\Windows\system32\winmm.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000058c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 73e90000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=738c0000 'C:\Windows\system32\dwmapi.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75400000 'C:\Windows\system32\CRYPTBASE.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e90000 'C:\Windows\system32\uxtheme.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\advapi32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75700000 'C:\Windows\system32\userenv.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758e0000 'C:\Windows\system32\kernel32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005ec pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082279c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 75be0000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75be0000 'C:\Windows\system32\CLBCatQ.DLL' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822934:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ef0000 'C:\Windows\system32\CRYPTSP.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000614 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082213c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 75470000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\RpcRtRemote.dll' cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. cdc.680: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. cdc.680: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust cdc.680: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.680: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.680: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0084e2e4:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.680: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll cdc.680: supR3HardenedDllNotificationCallback: load 68cf0000 LB 0x00453000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] cdc.680: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' cdc.680: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.680: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024dec14:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\oleaut32.dll' cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000670 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79CE8A02BDEAE624679BB2A7290B3C61ADC51853 cdc.680: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll' cdc.680: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.680: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust cdc.680: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll cdc.680: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008229bc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.680: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll cdc.680: supR3HardenedDllNotificationCallback: load 75410000 LB 0x0005f000 C:\Windows\system32\SXS.DLL [fFlags=0x0] cdc.680: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75410000 'C:\Windows\system32\SXS.DLL' cdc.680: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77170000 'C:\Windows\system32\ADVAPI32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77420000 'C:\Windows\system32\gdi32.dll' cdc.a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.a80: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. cdc.a80: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll) WinVerifyTrust cdc.a80: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.a80: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.a80: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008235f4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.a80: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll cdc.a80: supR3HardenedDllNotificationCallback: load 74210000 LB 0x00006000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [fFlags=0x0] cdc.a80: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll cdc.a80: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74210000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL' cdc.a80: supR3HardenedDllNotificationCallback: Unload 74210000 LB 0x00006000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [flags=0x0] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082334c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008232c4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ee0000 'C:\Windows\system32\ole32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\shell32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ee0000 'C:\Windows\system32\ole32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822cec:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ac0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFAE9B283A50E4A3D49C9E7E37A89888A2B4A44D cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ac8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E79947DA232978EB549EB8D34A29D88973B71D91 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024f1114:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6fc50000 LB 0x0000a000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6fee0000 LB 0x0005c000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fc50000 'C:\Windows\system32\wbem\wbemprox.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000af8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3338693857D113001E407F1B201A10C276605B11 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024f1114:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6f9d0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6f9d0000 'C:\Windows\system32\wbem\wbemsvc.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000afc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BC82FF6EDA44F553393099F53D4AED926C6283B cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000adc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD41341CF1BA6E0043138C5705ABB177F2ED6AAD cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. cdc.ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'. cdc.ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust cdc.ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024f1114:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6fd50000 LB 0x00096000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll cdc.ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll cdc.ce0: supR3HardenedDllNotificationCallback: load 6fc60000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fd50000 'C:\Windows\system32\wbem\fastprox.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll' cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008231b4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70bc0000 'C:\Windows\system32\WINMM.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [redir] cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [redoing WinVerifyTrust] cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000504 pwszName=\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' cdc.ce0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.ce0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' cdc.ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008231b4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69220000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bd0 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE76D5DBE9352B9FB1F4A2B953AA4EDA6294F66 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll' cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'slc.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'nsi.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bc0 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAD8C6B06A9984F1082FA7D63E0B3AAABCA210F6 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'slc.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'slc.dll' -> '\Device\HarddiskVolume2\Windows\System32\slc.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bb8 pwszName=\Device\HarddiskVolume2\Windows\System32\slc.dll cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D781A9E895276B15847254BB08F9D70D6E21E60A cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\slc.dll' cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\slc.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\slc.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bc4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83FA279A149B092654B141C0063E129F0A8FF628 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll' cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=027e2cf4:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 6fbd0000 LB 0x00067000 C:\Windows\system32\netcfgx.dll [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\slc.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 73e10000 LB 0x0000a000 C:\Windows\system32\slc.dll [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\slc.dll cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL cdc.6ac: supR3HardenedDllNotificationCallback: load 74a70000 LB 0x0001c000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 74a60000 LB 0x00007000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fbd0000 'C:\Windows\system32\netcfgx.dll' cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008230a4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77280000 'C:\Windows\system32\SETUPAPI.dll' cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 74c70000 LB 0x0000e000 C:\Windows\system32\devrtl.DLL [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust] cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c10 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008b7ba0 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584 cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' cdc.6ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) cdc.6ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008230a4:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75560000 'C:\Windows\system32\WINTRUST.dll' cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.88c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. cdc.88c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust cdc.88c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.88c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.88c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.88c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.88c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll cdc.88c: supR3HardenedDllNotificationCallback: load 6c040000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] cdc.88c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll cdc.88c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c040000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' cdc.88c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\User32.dll' cdc.db8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.db8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. cdc.db8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.db8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust cdc.db8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.db8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.db8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.db8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.db8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll cdc.db8: supR3HardenedDllNotificationCallback: load 6c030000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] cdc.db8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll cdc.db8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c030000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' cdc.2ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.2ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. cdc.2ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.2ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust cdc.2ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.2ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.2ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.2ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.2ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll cdc.2ac: supR3HardenedDllNotificationCallback: load 6c020000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] cdc.2ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll cdc.2ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c020000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' cdc.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. cdc.338: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.338: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust cdc.338: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.338: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.338: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.338: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll cdc.338: supR3HardenedDllNotificationCallback: load 6c010000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] cdc.338: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll cdc.338: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6c010000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760c0000 'C:\Windows\system32\Shell32.dll' cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ee0000 'C:\Windows\system32\ole32.dll' cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77660000 'API-MS-Win-Security-SDDL-L1-1-0.dll' cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=754f0000 'C:\Windows\system32\profapi.dll' cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxREM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 6bf20000 LB 0x000e3000 C:\Program Files\Oracle\VirtualBox\VBoxREM32.DLL [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM32.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bf20000 'C:\Program Files\Oracle\VirtualBox\VBoxREM32.DLL' cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. cdc.6ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. cdc.6ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust cdc.6ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.6ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 68470000 LB 0x00850000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 6a5c0000 LB 0x00049000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll cdc.6ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll cdc.6ac: supR3HardenedDllNotificationCallback: load 6bee0000 LB 0x00032000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68470000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' cdc.6ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll cdc.6ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.6ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bee0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' cdc.840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. cdc.840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. cdc.840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. cdc.840: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust cdc.840: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... cdc.840: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] cdc.840: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00822f94:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] cdc.840: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll cdc.840: supR3HardenedDllNotificationCallback: load 6bed0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] cdc.840: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll cdc.840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6bed0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' cdc.d6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a00000 'C:\Windows\system32\OLEAUT32.dll' cdc.cec: supR3HardenedDllNotificationCallback: Unload 6fbd0000 LB 0x00067000 C:\Windows\system32\netcfgx.dll [flags=0x0] cdc.cec: supR3HardenedDllNotificationCallback: Unload 73e10000 LB 0x0000a000 C:\Windows\system32\slc.dll [flags=0x0] cdc.ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77680000 'C:\Windows\system32\user32.dll'