14f4.d24: Log file opened: 5.2.8r121009 g_hStartupLog=00000010 g_uNtVerCombined=0x60177220 14f4.d24: \SystemRoot\System32\ntdll.dll: 14f4.d24: CreationTime: 2018-03-27T20:09:37.799125200Z 14f4.d24: LastWriteTime: 2010-10-15T13:48:59.897528200Z 14f4.d24: ChangeTime: 2018-03-28T15:58:42.801153500Z 14f4.d24: FileAttributes: 0x20 14f4.d24: Size: 0x126358 14f4.d24: NT Headers: 0xd0 14f4.d24: Timestamp: 0x4cb73436 14f4.d24: Machine: 0x14c - i386 14f4.d24: Timestamp: 0x4cb73436 14f4.d24: Image Version: 6.0 14f4.d24: SizeOfImage: 0x128000 (1212416) 14f4.d24: Resource Dir: 0xd0000 LB 0x52be0 14f4.d24: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 14f4.d24: [Raw version resource data: 0xd00f0 LB 0x380, codepage 0x0 (reserved 0x0)] 14f4.d24: ProductName: Microsoft® Windows® Operating System 14f4.d24: ProductVersion: 6.0.6002.18327 14f4.d24: FileVersion: 6.0.6002.18327 (vistasp2_gdr.101014-0432) 14f4.d24: FileDescription: NT Layer DLL 14f4.d24: \SystemRoot\System32\kernel32.dll: 14f4.d24: CreationTime: 2018-03-27T19:18:05.897525200Z 14f4.d24: LastWriteTime: 2011-04-12T16:07:38.431000000Z 14f4.d24: ChangeTime: 2018-03-28T15:59:19.258353500Z 14f4.d24: FileAttributes: 0x20 14f4.d24: Size: 0xd9e00 14f4.d24: NT Headers: 0xe8 14f4.d24: Timestamp: 0x4da47967 14f4.d24: Machine: 0x14c - i386 14f4.d24: Timestamp: 0x4da47967 14f4.d24: Image Version: 6.0 14f4.d24: SizeOfImage: 0xdc000 (901120) 14f4.d24: Resource Dir: 0xd1000 LB 0x528 14f4.d24: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 14f4.d24: [Raw version resource data: 0xd10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 14f4.d24: ProductName: Microsoft® Windows® Operating System 14f4.d24: ProductVersion: 6.0.6002.18449 14f4.d24: FileVersion: 6.0.6002.18449 (vistasp2_gdr.110412-0338) 14f4.d24: FileDescription: Windows NT BASE API Client DLL 14f4.d24: NtOpenDirectoryObject failed on \Driver: 0xc0000022 14f4.d24: supR3HardenedWinFindAdversaries: 0x20 14f4.d24: \SystemRoot\System32\drivers\mfeavfk.sys: 14f4.d24: CreationTime: 2008-07-01T15:09:15.112880500Z 14f4.d24: LastWriteTime: 2007-07-24T06:40:36.000000000Z 14f4.d24: ChangeTime: 2018-03-18T08:37:35.446403500Z 14f4.d24: FileAttributes: 0x20 14f4.d24: Size: 0x135c8 14f4.d24: NT Headers: 0xf0 14f4.d24: Timestamp: 0x469baed6 14f4.d24: Machine: 0x14c - i386 14f4.d24: Timestamp: 0x469baed6 14f4.d24: Image Version: 0.0 14f4.d24: SizeOfImage: 0x11b80 (72576) 14f4.d24: Resource Dir: 0x10ca0 LB 0x388 14f4.d24: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 14f4.d24: [Raw version resource data: 0x10d00 LB 0x328, codepage 0x0 (reserved 0x0)] 14f4.d24: ProductName: SYSCORE.14.0.0.284.x86 14f4.d24: FileVersion: SYSCORE.14.0.0.284.x86 14f4.d24: PrivateBuild: SYSCORE.14.0.0.284.x86 F15,F16,F19 14f4.d24: FileDescription: Anti-Virus File System Filter Driver 14f4.d24: \SystemRoot\System32\drivers\mfehidk.sys: 14f4.d24: CreationTime: 2008-07-01T15:09:14.956880500Z 14f4.d24: LastWriteTime: 2007-07-21T08:08:24.000000000Z 14f4.d24: ChangeTime: 2018-03-18T08:37:35.446403500Z 14f4.d24: FileAttributes: 0x20 14f4.d24: Size: 0x31248 14f4.d24: NT Headers: 0xf8 14f4.d24: Timestamp: 0x469bae34 14f4.d24: Machine: 0x14c - i386 14f4.d24: Timestamp: 0x469bae34 14f4.d24: Image Version: 0.0 14f4.d24: SizeOfImage: 0x2f800 (194560) 14f4.d24: Resource Dir: 0x2c980 LB 0x398 14f4.d24: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 14f4.d24: [Raw version resource data: 0x2c9e0 LB 0x338, codepage 0x0 (reserved 0x0)] 14f4.d24: ProductName: SYSCORE.14.0.0.284.x86 14f4.d24: FileVersion: SYSCORE.14.0.0.284.x86 14f4.d24: PrivateBuild: SYSCORE.14.0.0.284.x86 F14,F15,F16,F18,F20 14f4.d24: FileDescription: Host Intrusion Detection Link Driver 14f4.d24: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14f4.d24: Calling main() 14f4.d24: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 14f4.d24: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14f4.d24: SUPR3HardenedMain: Respawn #1 14f4.d24: System32: \Device\HarddiskVolume2\Windows\System32 14f4.d24: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 14f4.d24: KnownDllPath: C:\Windows\system32 14f4.d24: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 14f4.d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 14f4.d24: supR3HardNtEnableThreadCreation: 14f4.d24: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354 14f4.d24: supR3HardenedWinDoReSpawn(1): New child 12ec.17fc [kernel32]. 14f4.d24: supR3HardNtChildGatherData: PebBaseAddress=7ffd4000 cbPeb=0x38 14f4.d24: supR3HardNtPuChFindNtdll: uNtDllParentAddr=772f0000 uNtDllChildAddr=772f0000 14f4.d24: supR3HardenedWinSetupChildInit: uLdrInitThunk=77331500 14f4.d24: supR3HardenedWinSetupChildInit: Start child. 14f4.d24: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 14f4.d24: supR3HardNtChildPurify: Startup delay kludge #1/0: 570 ms, 0 sleeps 14f4.d24: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 14f4.d24: *00000000-0000ffff 0x0001/0x0000 0x0000000 14f4.d24: *00010000-0002ffff 0x0004/0x0004 0x0020000 14f4.d24: *00030000-00033fff 0x0002/0x0002 0x0040000 14f4.d24: 00034000-0019ffff 0x0001/0x0000 0x0000000 14f4.d24: *001a0000-0029cfff 0x0000/0x0004 0x0020000 14f4.d24: 0029d000-0029dfff 0x0104/0x0004 0x0020000 14f4.d24: 0029e000-0029ffff 0x0004/0x0004 0x0020000 14f4.d24: 002a0000-0139ffff 0x0001/0x0000 0x0000000 14f4.d24: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 14f4.d24: 01492000-772effff 0x0001/0x0000 0x0000000 14f4.d24: *772f0000-772f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 14f4.d24: 772f1000-773b4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 14f4.d24: 773b5000-773bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 14f4.d24: 773c0000-77417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 14f4.d24: 77418000-7ffaffff 0x0001/0x0000 0x0000000 14f4.d24: *7ffb0000-7ffd2fff 0x0002/0x0002 0x0040000 14f4.d24: 7ffd3000-7ffd3fff 0x0001/0x0000 0x0000000 14f4.d24: *7ffd4000-7ffd4fff 0x0004/0x0004 0x0020000 14f4.d24: 7ffd5000-7ffdefff 0x0001/0x0000 0x0000000 14f4.d24: *7ffdf000-7ffdffff 0x0004/0x0004 0x0020000 14f4.d24: *7ffe0000-7ffe0fff 0x0002/0x0002 0x0020000 14f4.d24: 7ffe1000-7ffeffff 0x0001/0x0002 0x0020000 14f4.d24: VirtualBox.exe: timestamp 0x5a942d7e (rc=VINF_SUCCESS) 14f4.d24: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 14f4.d24: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 14f4.d24: supR3HardNtChildPurify: Done after 662 ms and 0 fixes (loop #0). 12ec.17fc: Log file opened: 5.2.8r121009 g_hStartupLog=00000004 g_uNtVerCombined=0x60177200 12ec.17fc: supR3HardenedVmProcessInit: uNtDllAddr=772f0000 g_uNtVerCombined=0x60177200 14f4.d24: supR3HardNtEnableThreadCreation: 12ec.17fc: ntdll.dll: timestamp 0x4cb73436 (rc=VINF_SUCCESS) 12ec.17fc: New simple heap: #1 002a0000 LB 0x400000 (for 1212416 allocation) 12ec.17fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 12ec.17fc: System32: \Device\HarddiskVolume2\Windows\System32 12ec.17fc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 12ec.17fc: KnownDllPath: C:\Windows\system32 12ec.17fc: supR3HardenedVmProcessInit: Opening vboxdrv stub... 12ec.17fc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 12ec.17fc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 12ec.17fc: Registered Dll notification callback with NTDLL. 12ec.17fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 12ec.17fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 12ec.17fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 12ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 12ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 12ec.17fc: supR3HardenedDllNotificationCallback: load 76010000 LB 0x000dc000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 12ec.17fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 12ec.17fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76010000 'C:\Windows\system32\kernel32.dll' 12ec.17fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354 14f4.d24: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 48 ms. 12ec.17fc: \SystemRoot\System32\ntdll.dll: 12ec.17fc: CreationTime: 2018-03-27T20:09:37.799125200Z 12ec.17fc: LastWriteTime: 2010-10-15T13:48:59.897528200Z 12ec.17fc: ChangeTime: 2018-03-28T15:58:42.801153500Z 12ec.17fc: FileAttributes: 0x20 12ec.17fc: Size: 0x126358 12ec.17fc: NT Headers: 0xd0 12ec.17fc: Timestamp: 0x4cb73436 12ec.17fc: Machine: 0x14c - i386 12ec.17fc: Timestamp: 0x4cb73436 12ec.17fc: Image Version: 6.0 12ec.17fc: SizeOfImage: 0x128000 (1212416) 12ec.17fc: Resource Dir: 0xd0000 LB 0x52be0 12ec.17fc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 12ec.17fc: [Raw version resource data: 0xd00f0 LB 0x380, codepage 0x0 (reserved 0x0)] 12ec.17fc: ProductName: Microsoft® Windows® Operating System 12ec.17fc: ProductVersion: 6.0.6002.18327 12ec.17fc: FileVersion: 6.0.6002.18327 (vistasp2_gdr.101014-0432) 12ec.17fc: FileDescription: NT Layer DLL 12ec.17fc: \SystemRoot\System32\kernel32.dll: 12ec.17fc: CreationTime: 2018-03-27T19:18:05.897525200Z 12ec.17fc: LastWriteTime: 2011-04-12T16:07:38.431000000Z 12ec.17fc: ChangeTime: 2018-03-28T15:59:19.258353500Z 12ec.17fc: FileAttributes: 0x20 12ec.17fc: Size: 0xd9e00 12ec.17fc: NT Headers: 0xe8 12ec.17fc: Timestamp: 0x4da47967 12ec.17fc: Machine: 0x14c - i386 12ec.17fc: Timestamp: 0x4da47967 12ec.17fc: Image Version: 6.0 12ec.17fc: SizeOfImage: 0xdc000 (901120) 12ec.17fc: Resource Dir: 0xd1000 LB 0x528 12ec.17fc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 12ec.17fc: [Raw version resource data: 0xd10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 12ec.17fc: ProductName: Microsoft® Windows® Operating System 12ec.17fc: ProductVersion: 6.0.6002.18449 12ec.17fc: FileVersion: 6.0.6002.18449 (vistasp2_gdr.110412-0338) 12ec.17fc: FileDescription: Windows NT BASE API Client DLL 12ec.17fc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 12ec.17fc: supR3HardenedWinFindAdversaries: 0x20 12ec.17fc: \SystemRoot\System32\drivers\mfeavfk.sys: 12ec.17fc: CreationTime: 2008-07-01T15:09:15.112880500Z 12ec.17fc: LastWriteTime: 2007-07-24T06:40:36.000000000Z 12ec.17fc: ChangeTime: 2018-03-18T08:37:35.446403500Z 12ec.17fc: FileAttributes: 0x20 12ec.17fc: Size: 0x135c8 12ec.17fc: NT Headers: 0xf0 12ec.17fc: Timestamp: 0x469baed6 12ec.17fc: Machine: 0x14c - i386 12ec.17fc: Timestamp: 0x469baed6 12ec.17fc: Image Version: 0.0 12ec.17fc: SizeOfImage: 0x11b80 (72576) 12ec.17fc: Resource Dir: 0x10ca0 LB 0x388 12ec.17fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 12ec.17fc: [Raw version resource data: 0x10d00 LB 0x328, codepage 0x0 (reserved 0x0)] 12ec.17fc: ProductName: SYSCORE.14.0.0.284.x86 12ec.17fc: FileVersion: SYSCORE.14.0.0.284.x86 12ec.17fc: PrivateBuild: SYSCORE.14.0.0.284.x86 F15,F16,F19 12ec.17fc: FileDescription: Anti-Virus File System Filter Driver 12ec.17fc: \SystemRoot\System32\drivers\mfehidk.sys: 12ec.17fc: CreationTime: 2008-07-01T15:09:14.956880500Z 12ec.17fc: LastWriteTime: 2007-07-21T08:08:24.000000000Z 12ec.17fc: ChangeTime: 2018-03-18T08:37:35.446403500Z 12ec.17fc: FileAttributes: 0x20 12ec.17fc: Size: 0x31248 12ec.17fc: NT Headers: 0xf8 12ec.17fc: Timestamp: 0x469bae34 12ec.17fc: Machine: 0x14c - i386 12ec.17fc: Timestamp: 0x469bae34 12ec.17fc: Image Version: 0.0 12ec.17fc: SizeOfImage: 0x2f800 (194560) 12ec.17fc: Resource Dir: 0x2c980 LB 0x398 12ec.17fc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 12ec.17fc: [Raw version resource data: 0x2c9e0 LB 0x338, codepage 0x0 (reserved 0x0)] 12ec.17fc: ProductName: SYSCORE.14.0.0.284.x86 12ec.17fc: FileVersion: SYSCORE.14.0.0.284.x86 12ec.17fc: PrivateBuild: SYSCORE.14.0.0.284.x86 F14,F15,F16,F18,F20 12ec.17fc: FileDescription: Host Intrusion Detection Link Driver 12ec.17fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 12ec.17fc: Calling main() 12ec.17fc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 12ec.17fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 12ec.17fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 12ec.17fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 12ec.17fc: SUPR3HardenedMain: Respawn #2 12ec.17fc: supR3HardNtEnableThreadCreation: 12ec.17fc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 12ec.17fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 12ec.17fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 12ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 12ec.17fc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 12ec.17fc: supR3HardenedDllNotificationCallback: load 757a0000 LB 0x0002c000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 12ec.17fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 12ec.17fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=757a0000 'C:\Windows\system32\apphelp.dll' 12ec.17fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354 12ec.17fc: supR3HardenedWinDoReSpawn(2): New child 14c.1510 [kernel32]. 12ec.17fc: supR3HardNtChildGatherData: PebBaseAddress=7ffd8000 cbPeb=0x38 12ec.17fc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=772f0000 uNtDllChildAddr=772f0000 12ec.17fc: supR3HardenedWinSetupChildInit: uLdrInitThunk=77331500 12ec.17fc: supR3HardenedWinSetupChildInit: Start child. 12ec.17fc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 34 ms. 12ec.17fc: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 0 sleeps 12ec.17fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 12ec.17fc: *00000000-0000ffff 0x0001/0x0000 0x0000000 12ec.17fc: *00010000-0002ffff 0x0004/0x0004 0x0020000 12ec.17fc: *00030000-00033fff 0x0002/0x0002 0x0040000 12ec.17fc: 00034000-000dffff 0x0001/0x0000 0x0000000 12ec.17fc: *000e0000-001dcfff 0x0000/0x0004 0x0020000 12ec.17fc: 001dd000-001ddfff 0x0104/0x0004 0x0020000 12ec.17fc: 001de000-001dffff 0x0004/0x0004 0x0020000 12ec.17fc: 001e0000-0139ffff 0x0001/0x0000 0x0000000 12ec.17fc: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 12ec.17fc: 01492000-772effff 0x0001/0x0000 0x0000000 12ec.17fc: *772f0000-772f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12ec.17fc: 772f1000-773b4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12ec.17fc: 773b5000-773bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12ec.17fc: 773c0000-77417fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 12ec.17fc: 77418000-7ffaffff 0x0001/0x0000 0x0000000 12ec.17fc: *7ffb0000-7ffd2fff 0x0002/0x0002 0x0040000 12ec.17fc: 7ffd3000-7ffd7fff 0x0001/0x0000 0x0000000 12ec.17fc: *7ffd8000-7ffd8fff 0x0004/0x0004 0x0020000 12ec.17fc: 7ffd9000-7ffdefff 0x0001/0x0000 0x0000000 12ec.17fc: *7ffdf000-7ffdffff 0x0004/0x0004 0x0020000 12ec.17fc: *7ffe0000-7ffe0fff 0x0002/0x0002 0x0020000 12ec.17fc: 7ffe1000-7ffeffff 0x0001/0x0002 0x0020000 12ec.17fc: VirtualBox.exe: timestamp 0x5a942d7e (rc=VINF_SUCCESS) 12ec.17fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 12ec.17fc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 12ec.17fc: supR3HardNtChildPurify: Done after 559 ms and 0 fixes (loop #0). 12ec.17fc: supR3HardenedEarlyCompact: Removed heap 1 (0x2a0000 LB 0x400000) 12ec.17fc: supR3HardNtEnableThreadCreation: 14c.1510: Log file opened: 5.2.8r121009 g_hStartupLog=00000004 g_uNtVerCombined=0x60177200 14c.1510: supR3HardenedVmProcessInit: uNtDllAddr=772f0000 g_uNtVerCombined=0x60177200 14c.1510: ntdll.dll: timestamp 0x4cb73436 (rc=VINF_SUCCESS) 14c.1510: New simple heap: #1 002e0000 LB 0x400000 (for 1212416 allocation) 14c.1510: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14c.1510: System32: \Device\HarddiskVolume2\Windows\System32 14c.1510: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 14c.1510: KnownDllPath: C:\Windows\system32 14c.1510: supR3HardenedVmProcessInit: Opening vboxdrv... 14c.1510: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 14c.1510: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 14c.1510: Registered Dll notification callback with NTDLL. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 76010000 LB 0x000dc000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76010000 'C:\Windows\system32\kernel32.dll' 14c.1510: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77331500 pvNtTerminateThread=77355354 12ec.17fc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 112 ms. 14c.1510: \SystemRoot\System32\ntdll.dll: 14c.1510: CreationTime: 2018-03-27T20:09:37.799125200Z 14c.1510: LastWriteTime: 2010-10-15T13:48:59.897528200Z 14c.1510: ChangeTime: 2018-03-28T15:58:42.801153500Z 14c.1510: FileAttributes: 0x20 14c.1510: Size: 0x126358 14c.1510: NT Headers: 0xd0 14c.1510: Timestamp: 0x4cb73436 14c.1510: Machine: 0x14c - i386 14c.1510: Timestamp: 0x4cb73436 14c.1510: Image Version: 6.0 14c.1510: SizeOfImage: 0x128000 (1212416) 14c.1510: Resource Dir: 0xd0000 LB 0x52be0 14c.1510: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 14c.1510: [Raw version resource data: 0xd00f0 LB 0x380, codepage 0x0 (reserved 0x0)] 14c.1510: ProductName: Microsoft® Windows® Operating System 14c.1510: ProductVersion: 6.0.6002.18327 14c.1510: FileVersion: 6.0.6002.18327 (vistasp2_gdr.101014-0432) 14c.1510: FileDescription: NT Layer DLL 14c.1510: \SystemRoot\System32\kernel32.dll: 14c.1510: CreationTime: 2018-03-27T19:18:05.897525200Z 14c.1510: LastWriteTime: 2011-04-12T16:07:38.431000000Z 14c.1510: ChangeTime: 2018-03-28T15:59:19.258353500Z 14c.1510: FileAttributes: 0x20 14c.1510: Size: 0xd9e00 14c.1510: NT Headers: 0xe8 14c.1510: Timestamp: 0x4da47967 14c.1510: Machine: 0x14c - i386 14c.1510: Timestamp: 0x4da47967 14c.1510: Image Version: 6.0 14c.1510: SizeOfImage: 0xdc000 (901120) 14c.1510: Resource Dir: 0xd1000 LB 0x528 14c.1510: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 14c.1510: [Raw version resource data: 0xd10b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 14c.1510: ProductName: Microsoft® Windows® Operating System 14c.1510: ProductVersion: 6.0.6002.18449 14c.1510: FileVersion: 6.0.6002.18449 (vistasp2_gdr.110412-0338) 14c.1510: FileDescription: Windows NT BASE API Client DLL 14c.1510: NtOpenDirectoryObject failed on \Driver: 0xc0000022 14c.1510: supR3HardenedWinFindAdversaries: 0x20 14c.1510: \SystemRoot\System32\drivers\mfeavfk.sys: 14c.1510: CreationTime: 2008-07-01T15:09:15.112880500Z 14c.1510: LastWriteTime: 2007-07-24T06:40:36.000000000Z 14c.1510: ChangeTime: 2018-03-18T08:37:35.446403500Z 14c.1510: FileAttributes: 0x20 14c.1510: Size: 0x135c8 14c.1510: NT Headers: 0xf0 14c.1510: Timestamp: 0x469baed6 14c.1510: Machine: 0x14c - i386 14c.1510: Timestamp: 0x469baed6 14c.1510: Image Version: 0.0 14c.1510: SizeOfImage: 0x11b80 (72576) 14c.1510: Resource Dir: 0x10ca0 LB 0x388 14c.1510: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 14c.1510: [Raw version resource data: 0x10d00 LB 0x328, codepage 0x0 (reserved 0x0)] 14c.1510: ProductName: SYSCORE.14.0.0.284.x86 14c.1510: FileVersion: SYSCORE.14.0.0.284.x86 14c.1510: PrivateBuild: SYSCORE.14.0.0.284.x86 F15,F16,F19 14c.1510: FileDescription: Anti-Virus File System Filter Driver 14c.1510: \SystemRoot\System32\drivers\mfehidk.sys: 14c.1510: CreationTime: 2008-07-01T15:09:14.956880500Z 14c.1510: LastWriteTime: 2007-07-21T08:08:24.000000000Z 14c.1510: ChangeTime: 2018-03-18T08:37:35.446403500Z 14c.1510: FileAttributes: 0x20 14c.1510: Size: 0x31248 14c.1510: NT Headers: 0xf8 14c.1510: Timestamp: 0x469bae34 14c.1510: Machine: 0x14c - i386 14c.1510: Timestamp: 0x469bae34 14c.1510: Image Version: 0.0 14c.1510: SizeOfImage: 0x2f800 (194560) 14c.1510: Resource Dir: 0x2c980 LB 0x398 14c.1510: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 14c.1510: [Raw version resource data: 0x2c9e0 LB 0x338, codepage 0x0 (reserved 0x0)] 14c.1510: ProductName: SYSCORE.14.0.0.284.x86 14c.1510: FileVersion: SYSCORE.14.0.0.284.x86 14c.1510: PrivateBuild: SYSCORE.14.0.0.284.x86 F14,F15,F16,F18,F20 14c.1510: FileDescription: Host Intrusion Detection Link Driver 14c.1510: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14c.1510: Calling main() 14c.1510: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 14c.1510: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14c.1510: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 14c.1510: SUPR3HardenedMain: Final process, opening VBoxDrv... 14c.1510: supR3HardenedEarlyCompact: Removed heap 1 (0x2e0000 LB 0x400000) 14c.1510: supR3HardNtEnableThreadCreation: 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2538:C:\Windows\system32 [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 73350000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73350000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73350000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73350000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msasn1.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'imagehlp.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imagehlp.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'imagehlp.dll' -> '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'secur32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\secur32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\secur32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2538:C:\Windows\system32 [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 74ab0000 LB 0x0002d000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75ae0000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75520000 LB 0x000f2000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75c20000 LB 0x000c6000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 765b0000 LB 0x000c3000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 76730000 LB 0x0009d000 C:\Windows\system32\USER32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75e00000 LB 0x0004b000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75310000 LB 0x00012000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75870000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\secur32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75850000 LB 0x00014000 C:\Windows\system32\Secur32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\secur32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 77430000 LB 0x00029000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msctf.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'imm32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2ba0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 764c0000 LB 0x0001e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 77480000 LB 0x000c8000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764c0000 'C:\Windows\system32\IMM32.DLL' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'usp10.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\LPK.DLL (Input=LPK.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007ea560:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 77420000 LB 0x00009000 C:\Windows\system32\LPK.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 764e0000 LB 0x0007d000 C:\Windows\system32\USP10.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007ea770:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75e00000 'C:\Windows\system32\gdi32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77420000 'C:\Windows\system32\LPK.DLL' 14c.1510: \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL: Owner is administrators group. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007eafe8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 48000000 LB 0x0001f000 C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 76680000 LB 0x0002d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 77470000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d2b90:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=765b0000 'C:\Windows\system32\rpcrt4.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wldap32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'samlib.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'samlib.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'samlib.dll' -> '\Device\HarddiskVolume2\Windows\System32\samlib.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\samlib.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\samlib.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'psapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NTMARTA.DLL (Input=NTMARTA.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007ecb58:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75820000 LB 0x00021000 C:\Windows\system32\NTMARTA.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 76560000 LB 0x00049000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 759b0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\samlib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75800000 LB 0x00011000 C:\Windows\system32\SAMLIB.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\samlib.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 762e0000 LB 0x00145000 C:\Windows\system32\ole32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75820000 'C:\Windows\system32\NTMARTA.DLL' 14c.1510: supR3HardenedDllNotificationCallback: Unload 48000000 LB 0x0001f000 C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [flags=0x0] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f36c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007f3ec0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\Wintrust.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007f5560:C:\Windows\system32 [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 752c0000 LB 0x00045000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=752c0000 'C:\Windows\system32\bcrypt.dll' 14c.1510: bcrypt.dll loaded at 752c0000, BCryptOpenAlgorithmProvider at 752c3e82, preloading providers: 14c.1510: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=007f66e8) 14c.1510: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=007f6788) 14c.1510: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=007f6828) 14c.1510: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=007f68c8) 14c.1510: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=007f6a08) 14c.1510: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=007f6aa8) 14c.1510: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=007f6968) 14c.1510: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=007f6c08) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (Input=rsaenh.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007f6dc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 74ba0000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ba0000 'C:\Windows\system32\rsaenh.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\psapi.dll (Input=psapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007fedd8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\psapi.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c20000 'C:\Windows\system32\advapi32.dll' 14c.1510: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007fedd8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=772f0000 'C:\Windows\system32\ntdll.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008004b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\WINTRUST.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\CRYPT32.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'userenv.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00812fa8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75620000 LB 0x00035000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75620000 'C:\Windows\system32\ncrypt.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008031b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75620000 'C:\Windows\system32\ncrypt.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'slc.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'slc.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'slc.dll' -> '\Device\HarddiskVolume2\Windows\System32\slc.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\SLC.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SLC.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0082f210:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 74dc0000 LB 0x00015000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SLC.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 751f0000 LB 0x0003a000 C:\Windows\system32\slc.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SLC.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74dc0000 'C:\Windows\system32\GPAPI.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'wldap32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sensapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sensapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'sensapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\sensapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\SensApi.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SensApi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00845c88:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 6d640000 LB 0x0001b000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SensApi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 6f2a0000 LB 0x00006000 C:\Windows\system32\SensApi.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\SensApi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 76280000 LB 0x00059000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shlwapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00846780:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 748a0000 LB 0x0019e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748a0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shlwapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHELL32.dll (Input=SHELL32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 767d0000 LB 0x00b11000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00847758:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748a0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Input=comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00847850:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748a0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\SHELL32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008497d8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\ole32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008477d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75870000 'C:\Windows\system32\USERENV.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'psapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\NETAPI32.dll (Input=NETAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 75660000 LB 0x00076000 C:\Windows\system32\NETAPI32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75660000 'C:\Windows\system32\NETAPI32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008477d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75870000 'C:\Windows\system32\USERENV.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00849428:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 760f0000 LB 0x0018a000 C:\Windows\system32\setupapi.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 76430000 LB 0x0008d000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760f0000 'C:\Windows\system32\setupapi.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00847100:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedDllNotificationCallback: load 730b0000 LB 0x00015000 C:\Windows\system32\Cabinet.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730b0000 'C:\Windows\system32\Cabinet.dll' 14c.1510: supR3HardenedDllNotificationCallback: Unload 760f0000 LB 0x0018a000 C:\Windows\system32\setupapi.dll [flags=0x0] 14c.1510: supR3HardenedDllNotificationCallback: Unload 76430000 LB 0x0008d000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d640000 'C:\Windows\system32\cryptnet.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: New context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FF3535799C51EB44CD83404949908B76DF91F6DB 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_6_for_KB2393802~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\SystemRoot\System32\ntdll.dll' 14c.1510: g_pfnWinVerifyTrust=74ab3428 14c.1510: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000ec pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F7B0D4323581E660C11511C260C4FBFF94DCD5B 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 14c.1510: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0F63A903A98FF6A9032B2073360C3D229D092DF 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB978601~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000454 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E611AD13DD4A53E14526E51AA2EB858B6B9D57F 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000440 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C558DDE5582A72FE2DEB0C9F94C40B519C7A9B0D 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2476490~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000434 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=641561B00DC41E3AD71E274BA2145275F0211E92 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000041c pwszName=\Device\HarddiskVolume2\Windows\System32\netapi32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E84BD01474D369B14701D687932A14CC61D8FB8B 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\netapi32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003ec pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BF550864F519612984C66700EF7F60432C966806 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d8 pwszName=\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35C0962CF759B3B3659D66723F630C7482957CE2 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c8 pwszName=\Device\HarddiskVolume2\Windows\System32\SensApi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B41EE7BB0EBB266C5891A2EC2B303B4835F69F5 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\SensApi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SensApi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66F873C89A72D8FEE80463F760740BF03B43F4E5 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2483185~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=532D5E3F9709C5E16AD9FD4D08AA5349626D125E 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002e0 pwszName=\Device\HarddiskVolume2\Windows\System32\SLC.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1328E3A55E3BC9F880665E0EE187DB6F12668091 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\SLC.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SLC.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002dc pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECA98D06B01D1B0375515D3C03E461D00DA2A71 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000248 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33DCD9DDD628373850CB286105CEA8D12CCEDEAF 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e8 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=45AA3F104A9030AAA77B62E76F282F3A7DC474FA 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C2C462C2A700D41B0B6D3E0058280EBA5049E2DF 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DA3D5AF5FE3732E7846F48830ABEFCD2E513DA4 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume2\Windows\System32\samlib.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BF6E1C33CE180F908D113062679C18C695673BCA 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\samlib.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\samlib.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000174 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=400C8C14D24E9AB9F3076B56ECE11705127C74D1 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_8_for_KB979687~31bf3856ad364e35~x86~~6.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\ntmarta.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0D049B7CE7658FD351F0E9F31FCF5FD934966175 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntmarta.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000013c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28799D3F50281C7B616DBC7F6635BC5F3991F3C 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000138 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7186185261A4CEF974384C1E629BF91E444F236 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0CC173DD605BB8AFCBA5725B25702DAB6374B9F 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: New context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0CC173DD605BB8AFCBA5725B25702DAB6374B9F 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Google\Google Desktop Search\GOEC62~1.DLL' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000012c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6B87D28C569B5F001EACDBA146D425B1FBA4477 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB981322~31bf3856ad364e35~x86~~6.0.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000128 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9E4721D9BF2AD6136FEABE540CE0786DD1C67E85 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2507618~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000010c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4CA6C83A93BF839C1EDA0F0DCD4EB6E5BC4082D7 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000110 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=141BE7DBBE80C24F35BE31B8CB35950CA1CFDFC8 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000fc pwszName=\Device\HarddiskVolume2\Windows\System32\secur32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8EB32246B274867F030E4718F18052C87F3250A7 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB975467~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\secur32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\secur32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000f8 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EAA8A47531DCB5DF61076BACE46A53BA796A9273 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000f4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D57D0C824328DDDBF8DDB3AF8805D546C083069E 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000f0 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8CCF37979CF416BB75494D62213CC930137296D9 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C598BF1BAEAFFA0C758D08B6D004BA120BA2680 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0CF2D3399816685DD64EF14614CF8487FBC369D6 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6AC440C819CED7F29F5887C1C6708A4E84B86A31 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB974571~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8FF927E8E649D4E7EC3728F864C15E6E83956BDC 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=820910CD57150547DA50DC0DBBE876D9B47EBF61 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB970238~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C769FE5C84C7D7EBF555E1D8E7903636F7DE02F 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2533623~31bf3856ad364e35~x86~~6.0.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\crypt32.dll' 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 14c.1510: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 14c.1510: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=36 14c.1510: SUPR3HardenedMain: Load Runtime... 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00837758:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedDllNotificationCallback: load 68740000 LB 0x00478000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6bd60000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6a450000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=012d7ad0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68740000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0085ecf8:C:\Windows\system32 [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\Wintrust.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75520000 'C:\Windows\system32\crypt32.dll' 14c.1510: SUPR3HardenedMain: Load TrustedMain... 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5printsupportvbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5openglvbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'shell32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDA0D97E1AD6F79767E167835AECCE0B7F7B3ED 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleacc.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000051c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9FFE8DD93F4B7C85D01E0C821A4AEE883FB8E9F0 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2DC0A2208075D8D770A49D428C496335A9493681 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'dciman32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'setupapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'dwmapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000524 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92E78F25B68780C5A3083490E5F5D1D892FA5859 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000520 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=365BC38FF0354C92194B4B9C03D3E47D8ACAEA2F 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000540 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=457D31445169107D4861265C9C3E19B639F927EF 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comctl32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shell32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000538 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1CD4382B047CE70B406FD191C1C3A2B7759C357F 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_23_for_KB2117917~31bf3856ad364e35~x86~~6.0.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000548 pwszName=\Device\HarddiskVolume2\Windows\System32\oleacc.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=25CD43BC49CFB3DE8C4A6F4EBD96ACBA53716F06 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleacc.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleacc.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleacc.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000054c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF3541492BF925290FE715287CC854A38F3506C2 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_6_for_KB2296011~31bf3856ad364e35~x86~~6.0.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000052c pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CCDDBC56A74100552BB90AFFA59095F702D856D0 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000564 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F4CE6CF821E8E0890BA137CA712B54267683EDB 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2507618~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00837758:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 67500000 LB 0x0091e000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6d310000 LB 0x000cb000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6d4e0000 LB 0x00023000 C:\Windows\system32\GLU32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6d220000 LB 0x000e5000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6dd00000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 14c.1510: supR3HardenedDllNotificationCallback: load 760f0000 LB 0x0018a000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.1510: supR3HardenedDllNotificationCallback: load 76430000 LB 0x0008d000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14c.1510: supR3HardenedDllNotificationCallback: load 750e0000 LB 0x0000c000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.1510: supR3HardenedDllNotificationCallback: load 695f0000 LB 0x00265000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 14c.1510: supR3HardenedDllNotificationCallback: load 73060000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 69160000 LB 0x00482000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll 14c.1510: supR3HardenedDllNotificationCallback: load 75230000 LB 0x00014000 C:\Windows\system32\MPR.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 669f0000 LB 0x004d7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 682e0000 LB 0x0045a000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6b580000 LB 0x00044000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv 14c.1510: supR3HardenedDllNotificationCallback: load 74850000 LB 0x00042000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv 14c.1510: supR3HardenedDllNotificationCallback: load 766b0000 LB 0x00073000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6ff60000 LB 0x00085000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll [avoiding WinVerifyTrust] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6af00000 LB 0x00046000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedDllNotificationCallback: load 73100000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll 14c.1510: supR3HardenedDllNotificationCallback: load 74f30000 LB 0x00039000 C:\Windows\system32\OLEACC.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleacc.dll 14c.1510: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll'. 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll' [rescheduled] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=764c0000 'C:\Windows\system32\imm32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c20000 'C:\Windows\system32\ADVAPI32.DLL' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67500000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 14c.1510: SUPR3HardenedMain: Calling TrustedMain (675014a0)... 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6a0b0000 LB 0x000f3000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6a0b0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'secur32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'firewallapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcss.dll) 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcss.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005b0 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcss.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15A1D7682FD0A6E91D5801A59FA0C80F152B0414 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcss.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcss.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005b4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F70E6A9C3CA48A924A263F00940F6925D4256A70 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'firewallapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'firewallapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\firewallapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005cc pwszName=\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E38E93EB4C6F5A4EDD7A03B17ED3BB85457D661 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\FirewallAPI.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005d4 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5767DD68E8AC237BC924031B2EED8CC2D38E7180 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedDllNotificationCallback: load 740a0000 LB 0x0003f000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (Input=uxtheme.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76730000 'C:\Windows\system32\user32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740a0000 'C:\Windows\system32\uxtheme.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005a8 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=08091F55483AD818DD771B8FC59617E4BD7AD7FC 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ksuser.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mmdevapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'avrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005b8 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D97A63B9E3BC9C3480ED3CD37DC289C5AE96F8D 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005c8 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B74A8B7C9F25816C926A8DE1D08F2839BD25D9C9 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005f8 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D5BEE7280E1AA7379595A66D1276EACACBF0A2B 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01383070:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedDllNotificationCallback: load 72ed0000 LB 0x0002f000 C:\Windows\system32\wdmaud.drv [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll 14c.1510: supR3HardenedDllNotificationCallback: load 72ec0000 LB 0x00004000 C:\Windows\system32\ksuser.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardenedDllNotificationCallback: load 730d0000 LB 0x00028000 C:\Windows\system32\MMDevAPI.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll 14c.1510: supR3HardenedDllNotificationCallback: load 73f50000 LB 0x00007000 C:\Windows\system32\AVRT.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730d0000 'C:\Windows\system32\MMDevAPI.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730d0000 'C:\Windows\system32\MMDEVAPI.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760f0000 'C:\Windows\system32\SETUPAPI.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ab0000 'C:\Windows\system32\WINTRUST.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000614 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C4226A9557DFFA61CFF44C96F97A5695D46CD74 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mmdevapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'audioeng.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'audioeng.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'audioeng.dll' -> '\Device\HarddiskVolume2\Windows\System32\audioeng.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005fc pwszName=\Device\HarddiskVolume2\Windows\System32\AudioEng.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F107262B591007A5007F4C60D2FA161859DDF051 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioEng.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'psapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'avrt.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioEng.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioEng.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll 14c.1510: supR3HardenedDllNotificationCallback: load 71c00000 LB 0x00021000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioEng.dll 14c.1510: supR3HardenedDllNotificationCallback: load 71b90000 LB 0x00066000 C:\Windows\system32\audioeng.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioEng.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71c00000 'C:\Windows\system32\AUDIOSES.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72ed0000 'C:\Windows\system32\wdmaud.drv' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000618 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3C8EE2167F1C689FBE7F47D4D1F8E8BFB9FA858 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000638 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD44A40D03EA386AD0F936A0CA22C89E9BA719CB 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedDllNotificationCallback: load 71b20000 LB 0x00009000 C:\Windows\system32\msacm32.drv [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll 14c.1510: supR3HardenedDllNotificationCallback: load 71b00000 LB 0x00014000 C:\Windows\system32\MSACM32.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71b20000 'C:\Windows\system32\msacm32.drv' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000063c pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9EA8FBB325A6B30D60F800843F9D493C2E7184FF 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedDllNotificationCallback: load 71af0000 LB 0x00007000 C:\Windows\system32\midimap.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71af0000 'C:\Windows\system32\midimap.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c20000 'C:\Windows\system32\advapi32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75870000 'C:\Windows\system32\userenv.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76010000 'C:\Windows\system32\kernel32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000644 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03C3E2D2EE38C21866AD93B1776BCD5D74BD06C0 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14c.1510: supR3HardenedDllNotificationCallback: load 75b90000 LB 0x00084000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b90000 'C:\Windows\system32\CLBCatQ.DLL' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLE32.dll (Input=OLE32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\OLE32.dll' 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 14c.1444: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 14c.1444: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14c.1444: supR3HardenedDllNotificationCallback: load 66560000 LB 0x00490000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 14c.1444: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14c.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=66560000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 14c.1444: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 14c.1444: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll) WinVerifyTrust 14c.1444: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1444: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1444: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=01389ef8:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll 14c.1444: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll 14c.1444: supR3HardenedDllNotificationCallback: load 69aa0000 LB 0x00070000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll [fFlags=0x0] 14c.1444: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll 14c.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69aa0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStubLegacy.dll' 14c.1444: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76430000 'C:\Windows\system32\oleaut32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75e00000 'C:\Windows\system32\gdi32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\ole32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=762e0000 'C:\Windows\system32\ole32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76430000 'C:\Windows\system32\OLEAUT32.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009c8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C67CEB14B249F2A4B62F3F8614B044CD0CBFD656 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009cc pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D66D0BA8D26C0B7D86E0BF2CB4C4C6A2CE04AB5 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0da0:C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6e170000 LB 0x0000b000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6e590000 LB 0x0005b000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e170000 'C:\Windows\system32\wbem\wbemprox.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009f4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26D4515A7F14B33628C2A738291B215B537E267A 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae2f50:C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6e0e0000 LB 0x00010000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e0e0000 'C:\Windows\system32\wbem\wbemsvc.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D54CB66D98D7F57AD86A87884B091B6C98BAA885 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000009dc pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=351D7D271EDA34F44BC265EB68426AFBA3CE1154 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'dnsapi.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'wldap32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'netapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'secur32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ws2_32.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netapi32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000a08 pwszName=\Device\HarddiskVolume2\Windows\System32\dnsapi.dll 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF63A52F8BCA6C97942D09CCFF782FD115E1DB1C 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2509553~31bf3856ad364e35~x86~~6.0.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' 14c.1510: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 14c.1510: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.1510: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll) WinVerifyTrust 14c.1510: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.1510: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae9e90:C:\Windows\system32\wbem;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 14c.1510: supR3HardenedDllNotificationCallback: load 6df10000 LB 0x00099000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 14c.1510: supR3HardenedDllNotificationCallback: load 75270000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 14c.1510: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll 14c.1510: supR3HardenedDllNotificationCallback: load 75290000 LB 0x0002c000 C:\Windows\system32\DNSAPI.dll [fFlags=0x0] 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6df10000 'C:\Windows\system32\wbem\fastprox.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\WINMM.dll' 14c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 14c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14c.12e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 14c.12e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.12e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.12e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.12e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 14c.12e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 14c.12e0: supR3HardenedDllNotificationCallback: load 70390000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 14c.12e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 14c.12e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70390000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 14c.12e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76730000 'C:\Windows\system32\User32.dll' 14c.1254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14c.1254: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.1254: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 14c.1254: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 14c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1254: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1254: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14c.1254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 14c.1254: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 14c.1254: supR3HardenedDllNotificationCallback: load 6d930000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 14c.1254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 14c.1254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d930000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 14c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14c.f4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.f4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 14c.f4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 14c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.f4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.f4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 14c.f4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 14c.f4c: supR3HardenedDllNotificationCallback: load 6d920000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 14c.f4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 14c.f4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d920000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 14c.1090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.1090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14c.1090: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.1090: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 14c.1090: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 14c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.1090: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.1090: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 14c.1090: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 14c.1090: supR3HardenedDllNotificationCallback: load 6d840000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 14c.1090: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 14c.1090: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d840000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\Shell32.dll' 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxREM64.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 67ec0000 LB 0x0014c000 C:\Program Files\Oracle\VirtualBox\VBoxREM64.DLL [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM64.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67ec0000 'C:\Program Files\Oracle\VirtualBox\VBoxREM64.DLL' 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c70 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B7219CD66039E2566D8C40CB2214705F343A41 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dhcpcsvc.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'dhcpcsvc6.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'nsi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winnsi.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c58 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B80DCF6370714DA0596BC3C92476B6401605009 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dhcpcsvc6.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dhcpcsvc6.dll' -> '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c7c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ECE2CB2EE2EE563C4F7D166E7226607B1BEFC564 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'nsi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'winnsi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dnsapi.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dhcpcsvc.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dhcpcsvc.dll' -> '\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000c5c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ABFFFB3D45677EF13EC9B78D8FCE6316F289F619 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dnsapi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'secur32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'winnsi.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume2\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\secur32.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 63a50000 LB 0x0094c000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 703e0000 LB 0x00050000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 69880000 LB 0x0005b000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardenedDllNotificationCallback: load 75190000 LB 0x00019000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 75150000 LB 0x00035000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 75140000 LB 0x00007000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 75110000 LB 0x00022000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=63a50000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=66560000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69880000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' 14c.15b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14c.15b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 14c.15b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14c.15b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 14c.15b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 14c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14c.15b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14c.15b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14c.15b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.15b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 14c.15b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 14c.15b0: supR3HardenedDllNotificationCallback: load 6d6f0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 14c.15b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 14c.15b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d6f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 14c.1718: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76430000 'C:\Windows\system32\OLEAUT32.dll' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02ae0f68:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75190000 'C:\Windows\system32\Iphlpapi.dll' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75190000 'C:\Windows\system32\IPHLPAPI.DLL' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75190000 'C:\Windows\system32\IPHLPAPI.DLL' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02afdd28:C:\Windows\System32;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=730d0000 'C:\Windows\System32\MMDevApi.dll' 14c.5a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760f0000 'C:\Windows\system32\SETUPAPI.DLL' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AB450F96B20736D899B978F94FD1071ED1BFD20 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WTSAPI32.dll (Input=WTSAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 74290000 LB 0x0000a000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74290000 'C:\Windows\system32\WTSAPI32.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76730000 'C:\Windows\system32\USER32.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\winsta.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0BDA81D62D7A0C9E5C690D4983E731746E8338D 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_30_for_KB936330~31bf3856ad364e35~x86~~6.0.1.18000.cat'; file='\Device\HarddiskVolume2\Windows\System32\winsta.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 74f00000 LB 0x00025000 C:\Windows\system32\WINSTA.dll [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f00000 'C:\Windows\system32\WINSTA.dll' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winsta.dll (Input=winsta.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f00000 'C:\Windows\system32\winsta.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e54 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3A271B7E4EAC5D6AB2B1670324DC31D37AE25EC6 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e74 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=007f1658 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F8E343330044956DDDBAE4D620067DAE1981E5C4 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_25_for_KB948465~31bf3856ad364e35~x86~~6.0.1.18005.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll' 14c.14ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14c.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 14c.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust 14c.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14c.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (Input=dsound.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 6d510000 LB 0x00070000 C:\Windows\system32\dsound.dll [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll 14c.14ac: supR3HardenedDllNotificationCallback: load 74b50000 LB 0x0001a000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0] 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea2f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll 14c.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d510000 'C:\Windows\system32\dsound.dll' 14c.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14c.1510: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02aea128:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll' 14c.1510: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=767d0000 'C:\Windows\system32\shell32.dll'