VirtualBox

Ticket #14058: VBoxStartup.log

File VBoxStartup.log, 330.5 KB (added by S T, 10 years ago)

Startup log for VM snapshot issue

1680.12cc: Log file opened: 4.3.26r98988 g_hStartupLog=000000000000008c g_uNtVerCombined=0x611db110
2680.12cc: \SystemRoot\System32\ntdll.dll:
3680.12cc: CreationTime: 2015-04-15T10:34:19.759084800Z
4680.12cc: LastWriteTime: 2015-03-17T05:19:37.641771700Z
5680.12cc: ChangeTime: 2015-04-16T15:12:58.858418200Z
6680.12cc: FileAttributes: 0x20
7680.12cc: Size: 0x1a5da0
8680.12cc: NT Headers: 0xe0
9680.12cc: Timestamp: 0x5507b864
10680.12cc: Machine: 0x8664 - amd64
11680.12cc: Timestamp: 0x5507b864
12680.12cc: Image Version: 6.1
13680.12cc: SizeOfImage: 0x1a8000 (1736704)
14680.12cc: Resource Dir: 0x14c000 LB 0x5a028
15680.12cc: ProductName: Microsoft® Windows® Operating System
16680.12cc: ProductVersion: 6.1.7601.18798
17680.12cc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
18680.12cc: FileDescription: NT Layer DLL
19680.12cc: \SystemRoot\System32\kernel32.dll:
20680.12cc: CreationTime: 2015-04-15T10:34:19.603084500Z
21680.12cc: LastWriteTime: 2015-03-17T05:16:34.921000000Z
22680.12cc: ChangeTime: 2015-04-16T15:12:59.092418600Z
23680.12cc: FileAttributes: 0x20
24680.12cc: Size: 0x11c000
25680.12cc: NT Headers: 0xe8
26680.12cc: Timestamp: 0x5507b879
27680.12cc: Machine: 0x8664 - amd64
28680.12cc: Timestamp: 0x5507b879
29680.12cc: Image Version: 6.1
30680.12cc: SizeOfImage: 0x11f000 (1175552)
31680.12cc: Resource Dir: 0x116000 LB 0x528
32680.12cc: ProductName: Microsoft® Windows® Operating System
33680.12cc: ProductVersion: 6.1.7601.18798
34680.12cc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
35680.12cc: FileDescription: Windows NT BASE API Client DLL
36680.12cc: \SystemRoot\System32\KernelBase.dll:
37680.12cc: CreationTime: 2015-04-15T10:34:19.618684500Z
38680.12cc: LastWriteTime: 2015-03-17T05:16:34.921000000Z
39680.12cc: ChangeTime: 2015-04-16T15:12:59.108018700Z
40680.12cc: FileAttributes: 0x20
41680.12cc: Size: 0x67a00
42680.12cc: NT Headers: 0xe8
43680.12cc: Timestamp: 0x5507b87a
44680.12cc: Machine: 0x8664 - amd64
45680.12cc: Timestamp: 0x5507b87a
46680.12cc: Image Version: 6.1
47680.12cc: SizeOfImage: 0x6c000 (442368)
48680.12cc: Resource Dir: 0x6a000 LB 0x530
49680.12cc: ProductName: Microsoft® Windows® Operating System
50680.12cc: ProductVersion: 6.1.7601.18798
51680.12cc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
52680.12cc: FileDescription: Windows NT BASE API Client DLL
53680.12cc: \SystemRoot\System32\apisetschema.dll:
54680.12cc: CreationTime: 2015-04-15T10:34:16.373878800Z
55680.12cc: LastWriteTime: 2015-03-17T05:11:07.952000000Z
56680.12cc: ChangeTime: 2015-04-16T15:12:58.842818200Z
57680.12cc: FileAttributes: 0x20
58680.12cc: Size: 0x1a00
59680.12cc: NT Headers: 0xc0
60680.12cc: Timestamp: 0x5507b7b1
61680.12cc: Machine: 0x8664 - amd64
62680.12cc: Timestamp: 0x5507b7b1
63680.12cc: Image Version: 6.1
64680.12cc: SizeOfImage: 0x50000 (327680)
65680.12cc: Resource Dir: 0x30000 LB 0x3f8
66680.12cc: ProductName: Microsoft® Windows® Operating System
67680.12cc: ProductVersion: 6.1.7601.18798
68680.12cc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
69680.12cc: FileDescription: ApiSet Schema DLL
70680.12cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71680.12cc: supR3HardenedWinFindAdversaries: 0x8
72680.12cc: \SystemRoot\System32\drivers\tmcomm.sys:
73680.12cc: CreationTime: 2014-12-07T20:00:07.774365900Z
74680.12cc: LastWriteTime: 2014-07-14T07:39:36.000000000Z
75680.12cc: ChangeTime: 2014-12-07T20:00:08.257966700Z
76680.12cc: FileAttributes: 0x20
77680.12cc: Size: 0x4aaa8
78680.12cc: NT Headers: 0xe8
79680.12cc: Timestamp: 0x53c3890f
80680.12cc: Machine: 0x8664 - amd64
81680.12cc: Timestamp: 0x53c3890f
82680.12cc: Image Version: 6.0
83680.12cc: SizeOfImage: 0x4e000 (319488)
84680.12cc: Resource Dir: 0x4c000 LB 0x760
85680.12cc: ProductName: Trend Micro Eyes
86680.12cc: ProductVersion: 6.50
87680.12cc: FileVersion: 6.50.0.1041
88680.12cc: SpecialBuild: 1041
89680.12cc: PrivateBuild: Build 1041 - 7/14/2014
90680.12cc: FileDescription: TrendMicro Common Module
91680.12cc: \SystemRoot\System32\drivers\tmactmon.sys:
92680.12cc: CreationTime: 2014-12-07T20:00:07.774365900Z
93680.12cc: LastWriteTime: 2014-07-14T07:39:46.000000000Z
94680.12cc: ChangeTime: 2014-12-07T20:00:09.337368800Z
95680.12cc: FileAttributes: 0x20
96680.12cc: Size: 0x1dc58
97680.12cc: NT Headers: 0xe0
98680.12cc: Timestamp: 0x53c3891b
99680.12cc: Machine: 0x8664 - amd64
100680.12cc: Timestamp: 0x53c3891b
101680.12cc: Image Version: 6.0
102680.12cc: SizeOfImage: 0x25000 (151552)
103680.12cc: Resource Dir: 0x23000 LB 0x780
104680.12cc: ProductName: Trend Micro Eyes
105680.12cc: ProductVersion: 6.50
106680.12cc: FileVersion: 6.50.0.1041
107680.12cc: SpecialBuild: 1041
108680.12cc: PrivateBuild: Build 1041 - 7/14/2014
109680.12cc: FileDescription: TrendMicro Activity Monitor Module
110680.12cc: \SystemRoot\System32\drivers\tmevtmgr.sys:
111680.12cc: CreationTime: 2014-12-07T20:00:07.774365900Z
112680.12cc: LastWriteTime: 2014-07-14T07:39:42.000000000Z
113680.12cc: ChangeTime: 2014-12-07T20:00:08.962968100Z
114680.12cc: FileAttributes: 0x20
115680.12cc: Size: 0x16de0
116680.12cc: NT Headers: 0xf0
117680.12cc: Timestamp: 0x53c3890d
118680.12cc: Machine: 0x8664 - amd64
119680.12cc: Timestamp: 0x53c3890d
120680.12cc: Image Version: 6.0
121680.12cc: SizeOfImage: 0x1b000 (110592)
122680.12cc: Resource Dir: 0x19000 LB 0x780
123680.12cc: ProductName: Trend Micro Eyes
124680.12cc: ProductVersion: 6.50
125680.12cc: FileVersion: 6.50.0.1041
126680.12cc: SpecialBuild: 1041
127680.12cc: PrivateBuild: Build 1041 - 7/14/2014
128680.12cc: FileDescription: TrendMicro Event Management Module
129680.12cc: \SystemRoot\System32\drivers\tmtdi.sys:
130680.12cc: CreationTime: 2013-10-05T07:20:26.996864300Z
131680.12cc: LastWriteTime: 2011-08-22T15:33:12.000000000Z
132680.12cc: ChangeTime: 2014-12-07T20:02:13.131734400Z
133680.12cc: FileAttributes: 0x80
134680.12cc: Size: 0x19d10
135680.12cc: NT Headers: 0xf0
136680.12cc: Timestamp: 0x4e527412
137680.12cc: Machine: 0x8664 - amd64
138680.12cc: Timestamp: 0x4e527412
139680.12cc: Image Version: 6.0
140680.12cc: SizeOfImage: 0x1c000 (114688)
141680.12cc: Resource Dir: 0x1b000 LB 0x560
142680.12cc: ProductName: Trend Micro Network Security Components
143680.12cc: ProductVersion: 6.8
144680.12cc: FileVersion: 6.8.0.1072
145680.12cc: SpecialBuild: 1072
146680.12cc: PrivateBuild: Build 1072 - 8/22/2011
147680.12cc: FileDescription: Trend Micro TDI Driver (amd64-fre)
148680.12cc: \SystemRoot\System32\drivers\tmebc64.sys:
149680.12cc: CreationTime: 2014-12-07T20:00:07.509165400Z
150680.12cc: LastWriteTime: 2014-07-09T16:02:40.000000000Z
151680.12cc: ChangeTime: 2014-12-07T20:00:07.649565700Z
152680.12cc: FileAttributes: 0x20
153680.12cc: Size: 0xc720
154680.12cc: NT Headers: 0xf0
155680.12cc: Timestamp: 0x51d17dd1
156680.12cc: Machine: 0x8664 - amd64
157680.12cc: Timestamp: 0x51d17dd1
158680.12cc: Image Version: 6.0
159680.12cc: SizeOfImage: 0xf000 (61440)
160680.12cc: Resource Dir: 0xe000 LB 0x6f0
161680.12cc: ProductName: Trend Micro Early Boot Clean
162680.12cc: ProductVersion: 1.5
163680.12cc: FileVersion: 1.5.0.1017
164680.12cc: SpecialBuild: 1017
165680.12cc: PrivateBuild: Build 1017 - 7/1/2013
166680.12cc: FileDescription: Trend Micro early boot driver
167680.12cc: \SystemRoot\System32\drivers\tmeevw.sys:
168680.12cc: CreationTime: 2014-12-07T20:00:09.976969900Z
169680.12cc: LastWriteTime: 2014-07-09T16:02:55.000000000Z
170680.12cc: ChangeTime: 2014-12-07T20:00:10.008170000Z
171680.12cc: FileAttributes: 0x20
172680.12cc: Size: 0x19f38
173680.12cc: NT Headers: 0xf0
174680.12cc: Timestamp: 0x53870a8a
175680.12cc: Machine: 0x8664 - amd64
176680.12cc: Timestamp: 0x53870a8a
177680.12cc: Image Version: 6.1
178680.12cc: SizeOfImage: 0x1e000 (122880)
179680.12cc: Resource Dir: 0x19000 LB 0x3338
180680.12cc: ProductName: Trend Micro EagleEye
181680.12cc: ProductVersion: 2.0
182680.12cc: FileVersion: 2.0.0.1009
183680.12cc: SpecialBuild: 1009
184680.12cc: PrivateBuild: Build 1009 - 5/29/2014
185680.12cc: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
186680.12cc: Calling main()
187680.12cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
188680.12cc: SUPR3HardenedMain: Respawn #1
189680.12cc: System32: \Device\HarddiskVolume1\Windows\System32
190680.12cc: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
191680.12cc: KnownDllPath: C:\Windows\system32
192680.12cc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
193680.12cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
194680.12cc: supR3HardNtEnableThreadCreation:
195680.12cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007755b690 pvNtTerminateThread=000000007757e100
196680.12cc: supR3HardenedWinDoReSpawn(1): New child 3570.35dc [kernel32].
197680.12cc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
198680.12cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077530000 uNtDllChildAddr=0000000077530000
199680.12cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007755b690
200680.12cc: supR3HardenedWinSetupChildInit: Start child.
201680.12cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
202680.12cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 529 ms, 60 sleeps
203680.12cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
204680.12cc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
205680.12cc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
206680.12cc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
207680.12cc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
208680.12cc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
209680.12cc: 0000000000041000-fffffffffffa1fff 0x0001/0x0000 0x0000000
210680.12cc: *00000000000e0000-fffffffffffe3fff 0x0000/0x0004 0x0020000
211680.12cc: 00000000001dc000-00000000001d8fff 0x0104/0x0004 0x0020000
212680.12cc: 00000000001df000-00000000001ddfff 0x0004/0x0004 0x0020000
213680.12cc: 00000000001e0000-ffffffff88e8ffff 0x0001/0x0000 0x0000000
214680.12cc: *0000000077530000-000000007752efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
215680.12cc: 0000000077531000-0000000077433fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
216680.12cc: 000000007762e000-00000000775fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
217680.12cc: 000000007765d000-0000000077654fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
218680.12cc: 0000000077665000-0000000077663fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
219680.12cc: 0000000077666000-0000000077662fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
220680.12cc: 0000000077669000-00000000775f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
221680.12cc: 00000000776d8000-000000006fdcffff 0x0001/0x0000 0x0000000
222680.12cc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
223680.12cc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
224680.12cc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
225680.12cc: 000000007fff0000-ffffffffc06fffff 0x0001/0x0000 0x0000000
226680.12cc: *000000013f8e0000-000000013f8defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
227680.12cc: 000000013f8e1000-000000013f85cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
228680.12cc: 000000013f965000-000000013f963fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
229680.12cc: 000000013f966000-000000013f928fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
230680.12cc: 000000013f9a3000-000000013f9a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
231680.12cc: 000000013f9a4000-000000013f9a2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
232680.12cc: 000000013f9a5000-000000013f9a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
233680.12cc: 000000013f9a7000-000000013f9a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
234680.12cc: 000000013f9a8000-000000013f9a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
235680.12cc: 000000013f9a9000-000000013f9a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
236680.12cc: 000000013f9ad000-000000013f973fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
237680.12cc: 000000013f9e6000-fffff8037fb7bfff 0x0001/0x0000 0x0000000
238680.12cc: *000007feff850000-000007feff84efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
239680.12cc: 000007feff851000-000007fdff0f1fff 0x0001/0x0000 0x0000000
240680.12cc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
241680.12cc: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
242680.12cc: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
243680.12cc: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
244680.12cc: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
245680.12cc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
246680.12cc: apisetschema.dll: timestamp 0x5507b7b1 (rc=VINF_SUCCESS)
247680.12cc: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
248680.12cc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
249680.12cc: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
250680.12cc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
251680.12cc: supR3HardNtChildPurify: Done after 560 ms and 0 fixes (loop #0).
252680.12cc: supR3HardNtEnableThreadCreation:
2533570.35dc: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
2543570.35dc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077530000
2553570.35dc: ntdll.dll: timestamp 0x5507b864 (rc=VINF_SUCCESS)
2563570.35dc: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1736704 allocation)
2573570.35dc: System32: \Device\HarddiskVolume1\Windows\System32
2583570.35dc: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
2593570.35dc: KnownDllPath: C:\Windows\system32
2603570.35dc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2613570.35dc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2623570.35dc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2633570.35dc: Registered Dll notification callback with NTDLL.
2643570.35dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
2653570.35dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2663570.35dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2673570.35dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2683570.35dc: supR3HardenedDllNotificationCallback: load 0000000077310000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2693570.35dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2703570.35dc: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2713570.35dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
2723570.35dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
2733570.35dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077310000 'C:\Windows\system32\kernel32.dll'
2743570.35dc: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll)
2753570.35dc: Error (rc=0):
2763570.35dc: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll
2773570.35dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll
2783570.35dc: Error (rc=0):
2793570.35dc: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Citrix\system32\radeaphook64.dll' (C:\Program Files (x86)\Citrix\system32\radeaphook64.dll): rcNt=0xc0000190
2803570.35dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Citrix\system32\radeaphook64.dll'
2813570.35dc: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL)
2823570.35dc: Error (rc=0):
2833570.35dc: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL
2843570.35dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL
2853570.35dc: Error (rc=0):
2863570.35dc: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL' (C:\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL): rcNt=0xc0000190
2873570.35dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL'
2883570.35dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007755b690 pvNtTerminateThread=000000007757e100
289680.12cc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
2903570.35dc: \SystemRoot\System32\ntdll.dll:
2913570.35dc: CreationTime: 2015-04-15T10:34:19.759084800Z
2923570.35dc: LastWriteTime: 2015-03-17T05:19:37.641771700Z
2933570.35dc: ChangeTime: 2015-04-16T15:12:58.858418200Z
2943570.35dc: FileAttributes: 0x20
2953570.35dc: Size: 0x1a5da0
2963570.35dc: NT Headers: 0xe0
2973570.35dc: Timestamp: 0x5507b864
2983570.35dc: Machine: 0x8664 - amd64
2993570.35dc: Timestamp: 0x5507b864
3003570.35dc: Image Version: 6.1
3013570.35dc: SizeOfImage: 0x1a8000 (1736704)
3023570.35dc: Resource Dir: 0x14c000 LB 0x5a028
3033570.35dc: ProductName: Microsoft® Windows® Operating System
3043570.35dc: ProductVersion: 6.1.7601.18798
3053570.35dc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
3063570.35dc: FileDescription: NT Layer DLL
3073570.35dc: \SystemRoot\System32\kernel32.dll:
3083570.35dc: CreationTime: 2015-04-15T10:34:19.603084500Z
3093570.35dc: LastWriteTime: 2015-03-17T05:16:34.921000000Z
3103570.35dc: ChangeTime: 2015-04-16T15:12:59.092418600Z
3113570.35dc: FileAttributes: 0x20
3123570.35dc: Size: 0x11c000
3133570.35dc: NT Headers: 0xe8
3143570.35dc: Timestamp: 0x5507b879
3153570.35dc: Machine: 0x8664 - amd64
3163570.35dc: Timestamp: 0x5507b879
3173570.35dc: Image Version: 6.1
3183570.35dc: SizeOfImage: 0x11f000 (1175552)
3193570.35dc: Resource Dir: 0x116000 LB 0x528
3203570.35dc: ProductName: Microsoft® Windows® Operating System
3213570.35dc: ProductVersion: 6.1.7601.18798
3223570.35dc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
3233570.35dc: FileDescription: Windows NT BASE API Client DLL
3243570.35dc: \SystemRoot\System32\KernelBase.dll:
3253570.35dc: CreationTime: 2015-04-15T10:34:19.618684500Z
3263570.35dc: LastWriteTime: 2015-03-17T05:16:34.921000000Z
3273570.35dc: ChangeTime: 2015-04-16T15:12:59.108018700Z
3283570.35dc: FileAttributes: 0x20
3293570.35dc: Size: 0x67a00
3303570.35dc: NT Headers: 0xe8
3313570.35dc: Timestamp: 0x5507b87a
3323570.35dc: Machine: 0x8664 - amd64
3333570.35dc: Timestamp: 0x5507b87a
3343570.35dc: Image Version: 6.1
3353570.35dc: SizeOfImage: 0x6c000 (442368)
3363570.35dc: Resource Dir: 0x6a000 LB 0x530
3373570.35dc: ProductName: Microsoft® Windows® Operating System
3383570.35dc: ProductVersion: 6.1.7601.18798
3393570.35dc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
3403570.35dc: FileDescription: Windows NT BASE API Client DLL
3413570.35dc: \SystemRoot\System32\apisetschema.dll:
3423570.35dc: CreationTime: 2015-04-15T10:34:16.373878800Z
3433570.35dc: LastWriteTime: 2015-03-17T05:11:07.952000000Z
3443570.35dc: ChangeTime: 2015-04-16T15:12:58.842818200Z
3453570.35dc: FileAttributes: 0x20
3463570.35dc: Size: 0x1a00
3473570.35dc: NT Headers: 0xc0
3483570.35dc: Timestamp: 0x5507b7b1
3493570.35dc: Machine: 0x8664 - amd64
3503570.35dc: Timestamp: 0x5507b7b1
3513570.35dc: Image Version: 6.1
3523570.35dc: SizeOfImage: 0x50000 (327680)
3533570.35dc: Resource Dir: 0x30000 LB 0x3f8
3543570.35dc: ProductName: Microsoft® Windows® Operating System
3553570.35dc: ProductVersion: 6.1.7601.18798
3563570.35dc: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
3573570.35dc: FileDescription: ApiSet Schema DLL
3583570.35dc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3593570.35dc: supR3HardenedWinFindAdversaries: 0x8
3603570.35dc: \SystemRoot\System32\drivers\tmcomm.sys:
3613570.35dc: CreationTime: 2014-12-07T20:00:07.774365900Z
3623570.35dc: LastWriteTime: 2014-07-14T07:39:36.000000000Z
3633570.35dc: ChangeTime: 2014-12-07T20:00:08.257966700Z
3643570.35dc: FileAttributes: 0x20
3653570.35dc: Size: 0x4aaa8
3663570.35dc: NT Headers: 0xe8
3673570.35dc: Timestamp: 0x53c3890f
3683570.35dc: Machine: 0x8664 - amd64
3693570.35dc: Timestamp: 0x53c3890f
3703570.35dc: Image Version: 6.0
3713570.35dc: SizeOfImage: 0x4e000 (319488)
3723570.35dc: Resource Dir: 0x4c000 LB 0x760
3733570.35dc: ProductName: Trend Micro Eyes
3743570.35dc: ProductVersion: 6.50
3753570.35dc: FileVersion: 6.50.0.1041
3763570.35dc: SpecialBuild: 1041
3773570.35dc: PrivateBuild: Build 1041 - 7/14/2014
3783570.35dc: FileDescription: TrendMicro Common Module
3793570.35dc: \SystemRoot\System32\drivers\tmactmon.sys:
3803570.35dc: CreationTime: 2014-12-07T20:00:07.774365900Z
3813570.35dc: LastWriteTime: 2014-07-14T07:39:46.000000000Z
3823570.35dc: ChangeTime: 2014-12-07T20:00:09.337368800Z
3833570.35dc: FileAttributes: 0x20
3843570.35dc: Size: 0x1dc58
3853570.35dc: NT Headers: 0xe0
3863570.35dc: Timestamp: 0x53c3891b
3873570.35dc: Machine: 0x8664 - amd64
3883570.35dc: Timestamp: 0x53c3891b
3893570.35dc: Image Version: 6.0
3903570.35dc: SizeOfImage: 0x25000 (151552)
3913570.35dc: Resource Dir: 0x23000 LB 0x780
3923570.35dc: ProductName: Trend Micro Eyes
3933570.35dc: ProductVersion: 6.50
3943570.35dc: FileVersion: 6.50.0.1041
3953570.35dc: SpecialBuild: 1041
3963570.35dc: PrivateBuild: Build 1041 - 7/14/2014
3973570.35dc: FileDescription: TrendMicro Activity Monitor Module
3983570.35dc: \SystemRoot\System32\drivers\tmevtmgr.sys:
3993570.35dc: CreationTime: 2014-12-07T20:00:07.774365900Z
4003570.35dc: LastWriteTime: 2014-07-14T07:39:42.000000000Z
4013570.35dc: ChangeTime: 2014-12-07T20:00:08.962968100Z
4023570.35dc: FileAttributes: 0x20
4033570.35dc: Size: 0x16de0
4043570.35dc: NT Headers: 0xf0
4053570.35dc: Timestamp: 0x53c3890d
4063570.35dc: Machine: 0x8664 - amd64
4073570.35dc: Timestamp: 0x53c3890d
4083570.35dc: Image Version: 6.0
4093570.35dc: SizeOfImage: 0x1b000 (110592)
4103570.35dc: Resource Dir: 0x19000 LB 0x780
4113570.35dc: ProductName: Trend Micro Eyes
4123570.35dc: ProductVersion: 6.50
4133570.35dc: FileVersion: 6.50.0.1041
4143570.35dc: SpecialBuild: 1041
4153570.35dc: PrivateBuild: Build 1041 - 7/14/2014
4163570.35dc: FileDescription: TrendMicro Event Management Module
4173570.35dc: \SystemRoot\System32\drivers\tmtdi.sys:
4183570.35dc: CreationTime: 2013-10-05T07:20:26.996864300Z
4193570.35dc: LastWriteTime: 2011-08-22T15:33:12.000000000Z
4203570.35dc: ChangeTime: 2014-12-07T20:02:13.131734400Z
4213570.35dc: FileAttributes: 0x80
4223570.35dc: Size: 0x19d10
4233570.35dc: NT Headers: 0xf0
4243570.35dc: Timestamp: 0x4e527412
4253570.35dc: Machine: 0x8664 - amd64
4263570.35dc: Timestamp: 0x4e527412
4273570.35dc: Image Version: 6.0
4283570.35dc: SizeOfImage: 0x1c000 (114688)
4293570.35dc: Resource Dir: 0x1b000 LB 0x560
4303570.35dc: ProductName: Trend Micro Network Security Components
4313570.35dc: ProductVersion: 6.8
4323570.35dc: FileVersion: 6.8.0.1072
4333570.35dc: SpecialBuild: 1072
4343570.35dc: PrivateBuild: Build 1072 - 8/22/2011
4353570.35dc: FileDescription: Trend Micro TDI Driver (amd64-fre)
4363570.35dc: \SystemRoot\System32\drivers\tmebc64.sys:
4373570.35dc: CreationTime: 2014-12-07T20:00:07.509165400Z
4383570.35dc: LastWriteTime: 2014-07-09T16:02:40.000000000Z
4393570.35dc: ChangeTime: 2014-12-07T20:00:07.649565700Z
4403570.35dc: FileAttributes: 0x20
4413570.35dc: Size: 0xc720
4423570.35dc: NT Headers: 0xf0
4433570.35dc: Timestamp: 0x51d17dd1
4443570.35dc: Machine: 0x8664 - amd64
4453570.35dc: Timestamp: 0x51d17dd1
4463570.35dc: Image Version: 6.0
4473570.35dc: SizeOfImage: 0xf000 (61440)
4483570.35dc: Resource Dir: 0xe000 LB 0x6f0
4493570.35dc: ProductName: Trend Micro Early Boot Clean
4503570.35dc: ProductVersion: 1.5
4513570.35dc: FileVersion: 1.5.0.1017
4523570.35dc: SpecialBuild: 1017
4533570.35dc: PrivateBuild: Build 1017 - 7/1/2013
4543570.35dc: FileDescription: Trend Micro early boot driver
4553570.35dc: \SystemRoot\System32\drivers\tmeevw.sys:
4563570.35dc: CreationTime: 2014-12-07T20:00:09.976969900Z
4573570.35dc: LastWriteTime: 2014-07-09T16:02:55.000000000Z
4583570.35dc: ChangeTime: 2014-12-07T20:00:10.008170000Z
4593570.35dc: FileAttributes: 0x20
4603570.35dc: Size: 0x19f38
4613570.35dc: NT Headers: 0xf0
4623570.35dc: Timestamp: 0x53870a8a
4633570.35dc: Machine: 0x8664 - amd64
4643570.35dc: Timestamp: 0x53870a8a
4653570.35dc: Image Version: 6.1
4663570.35dc: SizeOfImage: 0x1e000 (122880)
4673570.35dc: Resource Dir: 0x19000 LB 0x3338
4683570.35dc: ProductName: Trend Micro EagleEye
4693570.35dc: ProductVersion: 2.0
4703570.35dc: FileVersion: 2.0.0.1009
4713570.35dc: SpecialBuild: 1009
4723570.35dc: PrivateBuild: Build 1009 - 5/29/2014
4733570.35dc: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
4743570.35dc: Calling main()
4753570.35dc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4763570.35dc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4773570.35dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4783570.35dc: SUPR3HardenedMain: Respawn #2
4793570.35dc: supR3HardNtEnableThreadCreation:
4803570.35dc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
4813570.35dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
4823570.35dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4833570.35dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4843570.35dc: supR3HardenedDllNotificationCallback: load 000007fefcca0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
4853570.35dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4863570.35dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcca0000 'C:\Windows\system32\apphelp.dll'
4873570.35dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007755b690 pvNtTerminateThread=000000007757e100
4883570.35dc: supR3HardenedWinDoReSpawn(2): New child 1a48.3220 [kernel32].
4893570.35dc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
4903570.35dc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077530000 uNtDllChildAddr=0000000077530000
4913570.35dc: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007755b690
4923570.35dc: supR3HardenedWinSetupChildInit: Start child.
4933570.35dc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4943570.35dc: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 33 sleeps
4953570.35dc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4963570.35dc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
4973570.35dc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
4983570.35dc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
4993570.35dc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
5003570.35dc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
5013570.35dc: 0000000000041000-fffffffffff71fff 0x0001/0x0000 0x0000000
5023570.35dc: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
5033570.35dc: 000000000020c000-0000000000208fff 0x0104/0x0004 0x0020000
5043570.35dc: 000000000020f000-000000000020dfff 0x0004/0x0004 0x0020000
5053570.35dc: 0000000000210000-ffffffff88eeffff 0x0001/0x0000 0x0000000
5063570.35dc: *0000000077530000-000000007752efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5073570.35dc: 0000000077531000-0000000077433fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5083570.35dc: 000000007762e000-00000000775fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5093570.35dc: 000000007765d000-0000000077654fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5103570.35dc: 0000000077665000-0000000077663fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5113570.35dc: 0000000077666000-0000000077662fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5123570.35dc: 0000000077669000-00000000775f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
5133570.35dc: 00000000776d8000-000000006fdcffff 0x0001/0x0000 0x0000000
5143570.35dc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
5153570.35dc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5163570.35dc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5173570.35dc: 000000007fff0000-ffffffffc06fffff 0x0001/0x0000 0x0000000
5183570.35dc: *000000013f8e0000-000000013f8defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5193570.35dc: 000000013f8e1000-000000013f85cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5203570.35dc: 000000013f965000-000000013f963fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5213570.35dc: 000000013f966000-000000013f928fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5223570.35dc: 000000013f9a3000-000000013f9a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5233570.35dc: 000000013f9a4000-000000013f9a2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5243570.35dc: 000000013f9a5000-000000013f9a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5253570.35dc: 000000013f9a7000-000000013f9a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5263570.35dc: 000000013f9a8000-000000013f9a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5273570.35dc: 000000013f9a9000-000000013f9a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5283570.35dc: 000000013f9ad000-000000013f973fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
5293570.35dc: 000000013f9e6000-fffff8037fb7bfff 0x0001/0x0000 0x0000000
5303570.35dc: *000007feff850000-000007feff84efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
5313570.35dc: 000007feff851000-000007fdff0f1fff 0x0001/0x0000 0x0000000
5323570.35dc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
5333570.35dc: 000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
5343570.35dc: *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
5353570.35dc: 000007fffffd9000-000007fffffd3fff 0x0001/0x0000 0x0000000
5363570.35dc: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
5373570.35dc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
5383570.35dc: apisetschema.dll: timestamp 0x5507b7b1 (rc=VINF_SUCCESS)
5393570.35dc: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
5403570.35dc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5413570.35dc: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
5423570.35dc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
5433570.35dc: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
5443570.35dc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
5453570.35dc: supR3HardNtEnableThreadCreation:
5461a48.3220: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
5471a48.3220: supR3HardenedVmProcessInit: uNtDllAddr=0000000077530000
5481a48.3220: ntdll.dll: timestamp 0x5507b864 (rc=VINF_SUCCESS)
5491a48.3220: New simple heap: #1 0000000000310000 LB 0x400000 (for 1736704 allocation)
5501a48.3220: System32: \Device\HarddiskVolume1\Windows\System32
5511a48.3220: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
5521a48.3220: KnownDllPath: C:\Windows\system32
5531a48.3220: supR3HardenedVmProcessInit: Opening vboxdrv...
5541a48.3220: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5551a48.3220: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5561a48.3220: Registered Dll notification callback with NTDLL.
5571a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
5581a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
5591a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5601a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5611a48.3220: supR3HardenedDllNotificationCallback: load 0000000077310000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
5621a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5631a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
5641a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
5651a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
5661a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077310000 'C:\Windows\system32\kernel32.dll'
5671a48.3220: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll)
5681a48.3220: Error (rc=0):
5691a48.3220: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll
5701a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\radeaphook64.dll
5711a48.3220: Error (rc=0):
5721a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Citrix\system32\radeaphook64.dll' (C:\Program Files (x86)\Citrix\system32\radeaphook64.dll): rcNt=0xc0000190
5731a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Citrix\system32\radeaphook64.dll'
5741a48.3220: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL)
5751a48.3220: Error (rc=0):
5761a48.3220: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL
5771a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL
5781a48.3220: Error (rc=0):
5791a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL' (C:\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL): rcNt=0xc0000190
5801a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\Citrix\system32\CtxSbxHook64.DLL'
5811a48.3220: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007755b690 pvNtTerminateThread=000000007757e100
5823570.35dc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 46 ms.
5831a48.3220: \SystemRoot\System32\ntdll.dll:
5841a48.3220: CreationTime: 2015-04-15T10:34:19.759084800Z
5851a48.3220: LastWriteTime: 2015-03-17T05:19:37.641771700Z
5861a48.3220: ChangeTime: 2015-04-16T15:12:58.858418200Z
5871a48.3220: FileAttributes: 0x20
5881a48.3220: Size: 0x1a5da0
5891a48.3220: NT Headers: 0xe0
5901a48.3220: Timestamp: 0x5507b864
5911a48.3220: Machine: 0x8664 - amd64
5921a48.3220: Timestamp: 0x5507b864
5931a48.3220: Image Version: 6.1
5941a48.3220: SizeOfImage: 0x1a8000 (1736704)
5951a48.3220: Resource Dir: 0x14c000 LB 0x5a028
5961a48.3220: ProductName: Microsoft® Windows® Operating System
5971a48.3220: ProductVersion: 6.1.7601.18798
5981a48.3220: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
5991a48.3220: FileDescription: NT Layer DLL
6001a48.3220: \SystemRoot\System32\kernel32.dll:
6011a48.3220: CreationTime: 2015-04-15T10:34:19.603084500Z
6021a48.3220: LastWriteTime: 2015-03-17T05:16:34.921000000Z
6031a48.3220: ChangeTime: 2015-04-16T15:12:59.092418600Z
6041a48.3220: FileAttributes: 0x20
6051a48.3220: Size: 0x11c000
6061a48.3220: NT Headers: 0xe8
6071a48.3220: Timestamp: 0x5507b879
6081a48.3220: Machine: 0x8664 - amd64
6091a48.3220: Timestamp: 0x5507b879
6101a48.3220: Image Version: 6.1
6111a48.3220: SizeOfImage: 0x11f000 (1175552)
6121a48.3220: Resource Dir: 0x116000 LB 0x528
6131a48.3220: ProductName: Microsoft® Windows® Operating System
6141a48.3220: ProductVersion: 6.1.7601.18798
6151a48.3220: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
6161a48.3220: FileDescription: Windows NT BASE API Client DLL
6171a48.3220: \SystemRoot\System32\KernelBase.dll:
6181a48.3220: CreationTime: 2015-04-15T10:34:19.618684500Z
6191a48.3220: LastWriteTime: 2015-03-17T05:16:34.921000000Z
6201a48.3220: ChangeTime: 2015-04-16T15:12:59.108018700Z
6211a48.3220: FileAttributes: 0x20
6221a48.3220: Size: 0x67a00
6231a48.3220: NT Headers: 0xe8
6241a48.3220: Timestamp: 0x5507b87a
6251a48.3220: Machine: 0x8664 - amd64
6261a48.3220: Timestamp: 0x5507b87a
6271a48.3220: Image Version: 6.1
6281a48.3220: SizeOfImage: 0x6c000 (442368)
6291a48.3220: Resource Dir: 0x6a000 LB 0x530
6301a48.3220: ProductName: Microsoft® Windows® Operating System
6311a48.3220: ProductVersion: 6.1.7601.18798
6321a48.3220: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
6331a48.3220: FileDescription: Windows NT BASE API Client DLL
6341a48.3220: \SystemRoot\System32\apisetschema.dll:
6351a48.3220: CreationTime: 2015-04-15T10:34:16.373878800Z
6361a48.3220: LastWriteTime: 2015-03-17T05:11:07.952000000Z
6371a48.3220: ChangeTime: 2015-04-16T15:12:58.842818200Z
6381a48.3220: FileAttributes: 0x20
6391a48.3220: Size: 0x1a00
6401a48.3220: NT Headers: 0xc0
6411a48.3220: Timestamp: 0x5507b7b1
6421a48.3220: Machine: 0x8664 - amd64
6431a48.3220: Timestamp: 0x5507b7b1
6441a48.3220: Image Version: 6.1
6451a48.3220: SizeOfImage: 0x50000 (327680)
6461a48.3220: Resource Dir: 0x30000 LB 0x3f8
6471a48.3220: ProductName: Microsoft® Windows® Operating System
6481a48.3220: ProductVersion: 6.1.7601.18798
6491a48.3220: FileVersion: 6.1.7601.18798 (win7sp1_gdr.150316-1654)
6501a48.3220: FileDescription: ApiSet Schema DLL
6511a48.3220: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6521a48.3220: supR3HardenedWinFindAdversaries: 0x8
6531a48.3220: \SystemRoot\System32\drivers\tmcomm.sys:
6541a48.3220: CreationTime: 2014-12-07T20:00:07.774365900Z
6551a48.3220: LastWriteTime: 2014-07-14T07:39:36.000000000Z
6561a48.3220: ChangeTime: 2014-12-07T20:00:08.257966700Z
6571a48.3220: FileAttributes: 0x20
6581a48.3220: Size: 0x4aaa8
6591a48.3220: NT Headers: 0xe8
6601a48.3220: Timestamp: 0x53c3890f
6611a48.3220: Machine: 0x8664 - amd64
6621a48.3220: Timestamp: 0x53c3890f
6631a48.3220: Image Version: 6.0
6641a48.3220: SizeOfImage: 0x4e000 (319488)
6651a48.3220: Resource Dir: 0x4c000 LB 0x760
6661a48.3220: ProductName: Trend Micro Eyes
6671a48.3220: ProductVersion: 6.50
6681a48.3220: FileVersion: 6.50.0.1041
6691a48.3220: SpecialBuild: 1041
6701a48.3220: PrivateBuild: Build 1041 - 7/14/2014
6711a48.3220: FileDescription: TrendMicro Common Module
6721a48.3220: \SystemRoot\System32\drivers\tmactmon.sys:
6731a48.3220: CreationTime: 2014-12-07T20:00:07.774365900Z
6741a48.3220: LastWriteTime: 2014-07-14T07:39:46.000000000Z
6751a48.3220: ChangeTime: 2014-12-07T20:00:09.337368800Z
6761a48.3220: FileAttributes: 0x20
6771a48.3220: Size: 0x1dc58
6781a48.3220: NT Headers: 0xe0
6791a48.3220: Timestamp: 0x53c3891b
6801a48.3220: Machine: 0x8664 - amd64
6811a48.3220: Timestamp: 0x53c3891b
6821a48.3220: Image Version: 6.0
6831a48.3220: SizeOfImage: 0x25000 (151552)
6841a48.3220: Resource Dir: 0x23000 LB 0x780
6851a48.3220: ProductName: Trend Micro Eyes
6861a48.3220: ProductVersion: 6.50
6871a48.3220: FileVersion: 6.50.0.1041
6881a48.3220: SpecialBuild: 1041
6891a48.3220: PrivateBuild: Build 1041 - 7/14/2014
6901a48.3220: FileDescription: TrendMicro Activity Monitor Module
6911a48.3220: \SystemRoot\System32\drivers\tmevtmgr.sys:
6921a48.3220: CreationTime: 2014-12-07T20:00:07.774365900Z
6931a48.3220: LastWriteTime: 2014-07-14T07:39:42.000000000Z
6941a48.3220: ChangeTime: 2014-12-07T20:00:08.962968100Z
6951a48.3220: FileAttributes: 0x20
6961a48.3220: Size: 0x16de0
6971a48.3220: NT Headers: 0xf0
6981a48.3220: Timestamp: 0x53c3890d
6991a48.3220: Machine: 0x8664 - amd64
7001a48.3220: Timestamp: 0x53c3890d
7011a48.3220: Image Version: 6.0
7021a48.3220: SizeOfImage: 0x1b000 (110592)
7031a48.3220: Resource Dir: 0x19000 LB 0x780
7041a48.3220: ProductName: Trend Micro Eyes
7051a48.3220: ProductVersion: 6.50
7061a48.3220: FileVersion: 6.50.0.1041
7071a48.3220: SpecialBuild: 1041
7081a48.3220: PrivateBuild: Build 1041 - 7/14/2014
7091a48.3220: FileDescription: TrendMicro Event Management Module
7101a48.3220: \SystemRoot\System32\drivers\tmtdi.sys:
7111a48.3220: CreationTime: 2013-10-05T07:20:26.996864300Z
7121a48.3220: LastWriteTime: 2011-08-22T15:33:12.000000000Z
7131a48.3220: ChangeTime: 2014-12-07T20:02:13.131734400Z
7141a48.3220: FileAttributes: 0x80
7151a48.3220: Size: 0x19d10
7161a48.3220: NT Headers: 0xf0
7171a48.3220: Timestamp: 0x4e527412
7181a48.3220: Machine: 0x8664 - amd64
7191a48.3220: Timestamp: 0x4e527412
7201a48.3220: Image Version: 6.0
7211a48.3220: SizeOfImage: 0x1c000 (114688)
7221a48.3220: Resource Dir: 0x1b000 LB 0x560
7231a48.3220: ProductName: Trend Micro Network Security Components
7241a48.3220: ProductVersion: 6.8
7251a48.3220: FileVersion: 6.8.0.1072
7261a48.3220: SpecialBuild: 1072
7271a48.3220: PrivateBuild: Build 1072 - 8/22/2011
7281a48.3220: FileDescription: Trend Micro TDI Driver (amd64-fre)
7291a48.3220: \SystemRoot\System32\drivers\tmebc64.sys:
7301a48.3220: CreationTime: 2014-12-07T20:00:07.509165400Z
7311a48.3220: LastWriteTime: 2014-07-09T16:02:40.000000000Z
7321a48.3220: ChangeTime: 2014-12-07T20:00:07.649565700Z
7331a48.3220: FileAttributes: 0x20
7341a48.3220: Size: 0xc720
7351a48.3220: NT Headers: 0xf0
7361a48.3220: Timestamp: 0x51d17dd1
7371a48.3220: Machine: 0x8664 - amd64
7381a48.3220: Timestamp: 0x51d17dd1
7391a48.3220: Image Version: 6.0
7401a48.3220: SizeOfImage: 0xf000 (61440)
7411a48.3220: Resource Dir: 0xe000 LB 0x6f0
7421a48.3220: ProductName: Trend Micro Early Boot Clean
7431a48.3220: ProductVersion: 1.5
7441a48.3220: FileVersion: 1.5.0.1017
7451a48.3220: SpecialBuild: 1017
7461a48.3220: PrivateBuild: Build 1017 - 7/1/2013
7471a48.3220: FileDescription: Trend Micro early boot driver
7481a48.3220: \SystemRoot\System32\drivers\tmeevw.sys:
7491a48.3220: CreationTime: 2014-12-07T20:00:09.976969900Z
7501a48.3220: LastWriteTime: 2014-07-09T16:02:55.000000000Z
7511a48.3220: ChangeTime: 2014-12-07T20:00:10.008170000Z
7521a48.3220: FileAttributes: 0x20
7531a48.3220: Size: 0x19f38
7541a48.3220: NT Headers: 0xf0
7551a48.3220: Timestamp: 0x53870a8a
7561a48.3220: Machine: 0x8664 - amd64
7571a48.3220: Timestamp: 0x53870a8a
7581a48.3220: Image Version: 6.1
7591a48.3220: SizeOfImage: 0x1e000 (122880)
7601a48.3220: Resource Dir: 0x19000 LB 0x3338
7611a48.3220: ProductName: Trend Micro EagleEye
7621a48.3220: ProductVersion: 2.0
7631a48.3220: FileVersion: 2.0.0.1009
7641a48.3220: SpecialBuild: 1009
7651a48.3220: PrivateBuild: Build 1009 - 5/29/2014
7661a48.3220: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
7671a48.3220: Calling main()
7681a48.3220: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7691a48.3220: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7701a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7711a48.3220: SUPR3HardenedMain: Final process, opening VBoxDrv...
7721a48.3220: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
7731a48.3220: supR3HardNtEnableThreadCreation:
7741a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7751a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7761a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000834e90:C:\Windows\system32 [calling]
7771a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7781a48.3220: supR3HardenedDllNotificationCallback: load 000007fefb4b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7791a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7801a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7811a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
7821a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7831a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7841a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
7851a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7861a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7871a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7881a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
7891a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
7901a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
7911a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
7921a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
7931a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7941a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7951a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
7961a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
7971a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7981a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7991a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
8001a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
8011a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8021a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8031a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8041a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8051a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
8061a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
8071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8091a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
8101a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
8111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8121a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8131a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8141a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8151a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8161a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8171a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000834e90:C:\Windows\system32 [calling]
8181a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8191a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd360000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
8201a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8211a48.3220: supR3HardenedDllNotificationCallback: load 000007feff520000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
8221a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8231a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
8241a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8251a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd2f0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
8261a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8271a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd8a0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
8281a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8291a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\Windows\system32\Wintrust.dll'
8301a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
8311a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
8321a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8331a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8341a48.3220: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
8351a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8361a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\CRYPTSP.dll'
8371a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8381a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
8391a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
8401a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8411a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8421a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8431a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8441a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8451a48.3220: supR3HardenedDllNotificationCallback: load 000007fefc0a0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
8461a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8471a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0a0000 'C:\Windows\system32\rsaenh.dll'
8481a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8491a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
8501a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
8511a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
8521a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8531a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8541a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8551a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8561a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8571a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8581a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8591a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8601a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd9d0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
8611a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8621a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
8631a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
8641a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
8651a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
8661a48.3220: supR3HardenedDllNotificationCallback: load 000007fefdab0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
8671a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8681a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\ADVAPI32.dll'
8691a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
8701a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
8711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8721a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8731a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8741a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8751a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8761a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8771a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8781a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8791a48.3220: supR3HardenedDllNotificationCallback: load 000007fefcd00000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
8801a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8811a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd00000 'C:\Windows\system32\CRYPTBASE.dll'
8821a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8831a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8841a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077310000 'C:\Windows\system32\kernel32.dll'
8851a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8861a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8871a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\Windows\system32\WINTRUST.DLL'
8881a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8891a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
8901a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\CRYPT32.dll'
8911a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8921a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
8931a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
8941a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
8951a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8961a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8971a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8981a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8991a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9001a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9011a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
9021a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9031a48.3220: supR3HardenedDllNotificationCallback: load 000007fefdb00000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
9041a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9051a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb00000 'C:\Windows\system32\imagehlp.dll'
9061a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9071a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
9081a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\CRYPTSP.dll'
9091a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9101a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
9111a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
9121a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9131a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9141a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
9151a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
9161a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
9171a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
9181a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
9191a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
9201a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
9211a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9221a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
9231a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
9241a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
9251a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9261a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9271a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9281a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
9291a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
9301a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9311a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9321a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
9331a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
9341a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
9351a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9361a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9371a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9381a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9391a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9401a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9411a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9421a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9431a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9441a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9451a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9461a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9471a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9481a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9491a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9501a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
9511a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9521a48.3220: supR3HardenedDllNotificationCallback: load 0000000077430000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
9531a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9541a48.3220: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
9551a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9561a48.3220: supR3HardenedDllNotificationCallback: load 000007feff6a0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
9571a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
9581a48.3220: supR3HardenedDllNotificationCallback: load 000007feff450000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
9591a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
9601a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9611a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
9621a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\gdi32.dll'
9631a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
9641a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
9651a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
9661a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
9671a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
9681a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
9691a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
9701a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9711a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
9721a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
9731a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
9741a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
9751a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
9761a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9771a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9781a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9801a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9811a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9821a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
9831a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
9841a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9851a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9861a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9871a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9881a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9891a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9901a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9911a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9921a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9931a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9941a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
9951a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9961a48.3220: supR3HardenedDllNotificationCallback: load 000007fefdad0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
9971a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9981a48.3220: supR3HardenedDllNotificationCallback: load 000007feff730000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
9991a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
10001a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\IMM32.DLL'
10011a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077430000 'C:\Windows\system32\USER32.dll'
10021a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
10031a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10041a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
10051a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
10061a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
10071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10091a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10121a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10131a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10141a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10151a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
10161a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
10171a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10181a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
10191a48.3220: supR3HardenedDllNotificationCallback: load 000007fefc520000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
10201a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
10211a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10221a48.3220: supR3HardenedDllNotificationCallback: load 000007fefc4f0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
10231a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10241a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc520000 'C:\Windows\system32\ncrypt.dll'
10251a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
10261a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
10271a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
10281a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
10291a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10301a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10311a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10341a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10351a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10361a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10371a48.3220: supR3HardenedDllNotificationCallback: load 000007fefbe10000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
10381a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10391a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe10000 'C:\Windows\system32\bcryptprimitives.dll'
10401a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10411a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10421a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4f0000 'C:\Windows\system32\bcrypt.dll'
10431a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10441a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
10451a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
10461a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
10471a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
10481a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
10491a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
10501a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10511a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
10521a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
10531a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10541a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10551a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10561a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10571a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10581a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10591a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10601a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10611a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10621a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10631a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
10641a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd490000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
10651a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
10661a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd300000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
10671a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
10681a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\USERENV.dll'
10691a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10701a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10711a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10721a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10731a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10741a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
10751a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
10761a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
10771a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10791a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10801a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10811a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10821a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10831a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10841a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
10851a48.3220: supR3HardenedDllNotificationCallback: load 000007fefcb40000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
10861a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
10871a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb40000 'C:\Windows\system32\GPAPI.dll'
10881a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10891a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
10901a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10911a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10921a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8a0000 'C:\Windows\system32\rpcrt4.dll'
10931a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10941a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
10951a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
10961a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10971a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10981a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
10991a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
11001a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
11011a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
11021a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
11031a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
11041a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
11051a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11061a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
11071a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
11081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
11101a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11121a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11131a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11141a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11151a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11161a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11171a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11181a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11191a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11201a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11211a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11221a48.3220: supR3HardenedDllNotificationCallback: load 000007fef5790000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
11231a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11241a48.3220: supR3HardenedDllNotificationCallback: load 000007feff170000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
11251a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
11261a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11271a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11281a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11291a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11301a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11311a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11321a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11331a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11341a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11351a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11361a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11371a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11381a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11391a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11401a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11411a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11421a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11431a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11441a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11451a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11461a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11471a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11481a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11491a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11501a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11511a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11521a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11531a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11541a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11551a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11561a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5790000 'C:\Windows\system32\cryptnet.dll'
11571a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11581a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11591a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11601a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11611a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd300000 'C:\Windows\system32\profapi.dll'
11621a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11631a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11641a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11651a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
11661a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
11671a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11681a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11691a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11701a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11721a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11731a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11741a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11751a48.3220: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11761a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11771a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
11781a48.3220: supR3HardenedDllNotificationCallback: load 000007feff6b0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
11791a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
11801a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6b0000 'C:\Windows\system32\SHLWAPI.dll'
11811a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
11821a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008864a0
11831a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
11841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0CF27465443C34B4834B9578EF0D5E85CCDCA8FB
11851a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11861a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11871a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11881a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
11891a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11901a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
11911a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11921a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11931a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\ADVAPI32.dll'
11941a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11951a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
11961a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
11971a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdab0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
11981a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
11991a48.3220: g_pfnWinVerifyTrust=000007fefd361010
12001a48.3220: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
12011a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e8 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
12021a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12031a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12041a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B757256DD06374F77FF8DC61E1FEC0E93F3DF2F3
12051a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_192_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
12061a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12071a48.3220: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
12081a48.3220: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
12091a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
12101a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12111a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12121a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9D66460DAFA96F2CF96829A002753DECB7ED7CF
12131a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
12141a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12151a48.3220: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
12161a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
12171a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12181a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12191a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
12201a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
12211a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12221a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
12231a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
12241a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12251a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12261a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
12271a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
12281a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12291a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
12301a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
12311a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12321a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12331a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2545617940C2A353D1E2B307B3C55DF27B1EEBE9
12341a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
12351a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12361a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
12371a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000264 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
12381a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12391a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12401a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
12411a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
12421a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12431a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
12441a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
12451a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12461a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12471a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
12481a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
12491a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12501a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
12511a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
12521a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12531a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12541a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
12551a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
12561a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12571a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
12581a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
12591a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
12601a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12611a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12621a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
12631a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
12641a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12651a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
12661a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
12671a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12681a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12691a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F11FC56A83EE70C3BF8B3C8B0314EB87575055B
12701a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
12711a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12721a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
12731a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
12741a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12751a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12761a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
12771a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
12781a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12791a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
12801a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
12811a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12821a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12831a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
12841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
12851a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12861a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
12871a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
12881a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12891a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12901a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
12911a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
12921a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12931a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
12941a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
12951a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
12961a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
12971a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9BD2F77F6F16827206A18B4C9CB5FCFA62A60CF
12981a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
12991a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13001a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
13011a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
13021a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13031a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13041a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1707E74860DCBF0241835EF4A1E7C39B40ED3ACA
13051a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3046306~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
13061a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13071a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
13081a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
13091a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13101a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13111a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
13121a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
13131a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13141a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
13151a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
13161a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13171a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13181a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
13191a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
13201a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13211a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
13221a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000128 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
13231a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13241a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13251a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
13261a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
13271a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13281a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
13291a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
13301a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13311a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13321a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
13331a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
13341a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13351a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
13361a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000110 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
13371a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13381a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13391a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
13401a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
13411a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13421a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
13431a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
13441a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000010c pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
13451a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13461a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13471a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
13481a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
13491a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13501a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
13511a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000ec pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
13521a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13531a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13541a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
13551a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
13561a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13571a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
13581a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
13591a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13601a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13611a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
13621a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
13631a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13641a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
13651a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
13661a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13671a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13681a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
13691a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
13701a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13711a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
13721a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
13731a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
13741a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13751a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13761a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2703E04E5F64FCA33765E53C5EB160799413C2FA
13771a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
13781a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13791a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
13801a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
13811a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
13821a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
13831a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39F531406FFFC9A8725E241096C684DBB516132
13841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3045999~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
13851a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13861a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
13871a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
13881a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000092a770:C:\Windows\system32 [calling]
13891a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\crypt32.dll'
13901a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x3d65cec321d7a700 O=hp.com, OU=IT Infrastructure, C=US, O=Hewlett-Packard Company, CN=Hewlett-Packard Private Class 2 Certification Authority
13911a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x20bdbe8bfdd57e27 O=hp.com, OU=IT Infrastructure, C=US, O=Hewlett-Packard Company, CN=Hewlett-Packard Primary Class 2 Certification Authority
13921a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
13931a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
13941a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
13951a48.3220: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Hewlett-Packard Company, OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=Class 2 Managed PKI Individual Subscriber CA, CN=Collaboration Certification Authority G2
13961a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
13971a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x66a414c72c45a400 O=hp.com, OU=IT Infrastructure, C=US, O=Hewlett-Packard Company, OU=FOR TEST PURPOSES ONLY, CN=Hewlett-Packard Private Class 2 TEST Certification Authority
13981a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
13991a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x7304ab64a8b308d3 O=hp.com, OU=IT Infrastructure, C=US, O=Hewlett-Packard Company, OU=For Test Purposes Only, CN=Hewlett-Packard Primary Class 2 Test Certification Authority
14001a48.3220: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BZ, ST=Belize, L=Belize City, O=DT Soft Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=DT Soft Ltd
14011a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14021a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x20bdbe8bfdd57e27 O=hp.com, OU=IT Infrastructure, C=US, O=Hewlett-Packard Company, CN=Hewlett-Packard Primary Class 2 Certification Authority
14031a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xf4d5fe5ad0fa400 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call
14041a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14051a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14061a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
14071a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14081a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14091a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
14101a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14111a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14121a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
14131a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
14141a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14151a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
14161a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
14171a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
14181a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14191a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
14201a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14211a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
14221a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
14231a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
14241a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14251a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
14261a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
14271a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
14281a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14291a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
14301a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
14311a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14321a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
14331a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14341a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
14351a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
14361a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
14371a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
14381a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
14391a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, [email protected]
14401a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14411a48.3220: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14421a48.3220: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
14431a48.3220: SUPR3HardenedMain: Load Runtime...
14441a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14451a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14461a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
14471a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
14481a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
14491a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
14501a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14511a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14521a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
14531a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14541a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14551a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
14561a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
14571a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
14581a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
14591a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
14601a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14611a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14621a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
14631a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
14641a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll)WinVerifyTrust
14651a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
14661a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14671a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14681a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14691a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
14701a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
14711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14721a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14731a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
14741a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
14751a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14761a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14771a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
14781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
14791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
14801a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
14811a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
14821a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
14831a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
14841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
14851a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14861a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll)WinVerifyTrust
14871a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
14881a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14891a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14901a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
14911a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14921a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14931a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
14941a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
14951a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
14961a48.3220: supR3HardenedDllNotificationCallback: load 000007fee8200000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
14971a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
14981a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
14991a48.3220: supR3HardenedDllNotificationCallback: load 0000000052f50000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
15001a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
15011a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
15021a48.3220: supR3HardenedDllNotificationCallback: load 0000000066eb0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
15031a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
15041a48.3220: supR3HardenedDllNotificationCallback: load 000007fefdb20000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
15051a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
15061a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd6b0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
15071a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
15081a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15091a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15101a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15111a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15121a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15131a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15141a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15151a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15161a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15171a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15181a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15191a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15201a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15211a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15221a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15231a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15241a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15251a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15261a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15271a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15281a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15291a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15301a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15311a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15321a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15331a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15341a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15351a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15361a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15371a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15381a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15391a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15401a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15411a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15421a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15431a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15441a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15451a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15461a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15471a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15481a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15491a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15501a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15511a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15521a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000835820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\RA2HP\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services;C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Online Services;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Citrix\system32\;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\ActivIdentity\ActivClient\;C:\Program Files (x86)\ActivIdentity\ActivClient\;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\ [calling]
15531a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15541a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15551a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15561a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15571a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
15581a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000052b790:C:\Windows\system32 [calling]
15591a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\Windows\system32\Wintrust.dll'
15601a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
15611a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000052b790:C:\Windows\system32 [calling]
15621a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\crypt32.dll'
15631a48.3220: SUPR3HardenedMain: Load TrustedMain...
15641a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15651a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15661a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
15671a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
15681a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
15691a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
15701a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
15711a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
15721a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
15731a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
15741a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
15751a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
15761a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
15771a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
15781a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
15791a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
15801a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
15811a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
15821a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15831a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
15851a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
15861a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
15871a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
15881a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
15891a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15901a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15911a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15921a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll)WinVerifyTrust
15931a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
15941a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15951a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15961a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
15971a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
15981a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
15991a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
16001a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
16011a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16021a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16031a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
16041a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16051a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16061a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
16071a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16081a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll)WinVerifyTrust
16091a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
16101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16121a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
16131a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
16141a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
16151a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
16161a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
16171a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16181a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
16191a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16201a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
16211a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
16221a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
16231a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll)WinVerifyTrust
16241a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
16251a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16261a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16271a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
16281a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
16291a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
16301a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
16311a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
16321a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16331a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16341a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16351a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
16361a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16371a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll)WinVerifyTrust
16381a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
16391a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16401a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16411a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
16421a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
16431a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
16441a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
16451a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
16461a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16471a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16481a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
16491a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
16501a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
16511a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll)WinVerifyTrust
16521a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
16531a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16541a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16551a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
16561a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16571a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16581a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
16591a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16601a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16611a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
16621a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
16631a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16641a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16651a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16661a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
16671a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
16681a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
16691a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
16701a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
16711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
16721a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
16731a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
16741a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
16751a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
16761a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
16771a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
16781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
16791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
16801a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16811a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
16821a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
16831a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
16841a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
16851a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
16861a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
16871a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
16881a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
16891a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
16901a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
16911a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
16921a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
16931a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust
16941a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
16951a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16961a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16971a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16981a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
16991a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17001a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
17011a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17021a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17031a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust
17041a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
17051a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17061a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17071a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
17081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17101a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
17111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17121a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17131a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17141a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17151a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
17161a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
17171a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
17181a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
17191a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
17201a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17211a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17221a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17231a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17241a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
17251a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
17261a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
17271a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll)WinVerifyTrust
17281a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
17291a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17301a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17311a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
17321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
17331a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
17341a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
17351a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
17361a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
17371a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
17381a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17391a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17401a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17411a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
17421a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
17431a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
17441a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
17451a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll)WinVerifyTrust
17461a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
17471a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
17481a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
17491a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
17501a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
17511a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
17521a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
17531a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
17541a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17551a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17561a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17571a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17581a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll)WinVerifyTrust
17591a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
17601a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17611a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17621a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17631a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17641a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
17651a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17661a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17671a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17681a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17691a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
17701a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17721a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
17731a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17741a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17751a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
17761a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17771a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17801a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
17811a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17821a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17831a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17841a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17851a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
17861a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17871a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17881a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
17891a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
17901a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
17911a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
17921a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17931a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17941a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
17951a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17961a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17971a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17981a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17991a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18001a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18011a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
18021a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
18031a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
18041a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
18051a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
18061a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
18071a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
18081a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
18091a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18101a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18111a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18121a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
18131a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv)WinVerifyTrust
18141a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
18151a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18161a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18171a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
18181a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18191a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18201a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
18211a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18221a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18231a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18241a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18251a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18261a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
18271a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18281a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18291a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18301a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18311a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
18321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18341a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18351a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18361a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18371a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
18381a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18391a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18401a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
18411a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
18421a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
18431a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18441a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
18451a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
18461a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18471a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18481a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18491a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18501a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18511a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18521a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18531a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
18541a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18551a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18561a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18571a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18581a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18591a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18601a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
18611a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18621a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18631a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18641a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18651a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18661a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18671a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18681a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18691a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18701a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18721a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18731a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18741a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18751a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
18761a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18771a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18801a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18811a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18821a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
18831a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18841a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18851a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
18861a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
18871a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
18881a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
18891a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
18901a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
18911a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
18921a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
18931a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18941a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18951a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18961a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18971a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll)WinVerifyTrust
18981a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
18991a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19001a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19011a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19021a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19031a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19041a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19051a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
19061a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19121a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19131a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19141a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19151a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19161a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
19171a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19181a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19191a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19201a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19211a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19221a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19231a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19241a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19251a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19261a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19271a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19281a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19291a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
19301a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19311a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
19331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
19341a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
19351a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
19361a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
19371a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
19381a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
19391a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19401a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19411a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19421a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19431a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll)WinVerifyTrust
19441a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
19451a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
19461a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
19471a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
19481a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
19491a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
19501a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
19511a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
19521a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19531a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
19541a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
19551a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
19561a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
19571a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
19581a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
19591a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
19601a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll)WinVerifyTrust
19611a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
19621a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19631a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19641a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
19651a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
19661a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
19671a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
19681a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
19691a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C17410BD716DCF557221B982F7A015B5B6AC2B4
19701a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
19711a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19721a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19731a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
19741a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19751a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll)WinVerifyTrust
19761a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
19771a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19801a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19811a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19821a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19831a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19841a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19851a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19861a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19871a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
19881a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
19891a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
19901a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
19911a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
19921a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
19931a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
19941a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19951a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19961a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
19971a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll)WinVerifyTrust
19981a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
19991a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20001a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20011a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
20021a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20031a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20041a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20051a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20061a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
20111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
20121a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
20131a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
20141a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
20151a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
20161a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
20171a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20181a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20191a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
20201a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20211a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)WinVerifyTrust
20221a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
20231a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20241a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20251a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20261a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20271a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20281a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20291a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20301a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20311a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20341a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20351a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
20361a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
20371a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
20381a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20391a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20401a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20411a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
20421a48.3220: supR3HardenedDllNotificationCallback: load 000007feddba0000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
20431a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
20441a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
20451a48.3220: supR3HardenedDllNotificationCallback: load 000007fee80e0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
20461a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
20471a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
20481a48.3220: supR3HardenedDllNotificationCallback: load 000007feeac10000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
20491a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
20501a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
20511a48.3220: supR3HardenedDllNotificationCallback: load 000007fee5290000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
20521a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
20531a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
20541a48.3220: supR3HardenedDllNotificationCallback: load 000007fefa7a0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
20551a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
20561a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
20571a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
20581a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
20591a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
20601a48.3220: supR3HardenedDllNotificationCallback: load 000007feff5c0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
20611a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
20621a48.3220: supR3HardenedDllNotificationCallback: load 000007feff240000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
20631a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
20641a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd470000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
20651a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
20661a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
20671a48.3220: supR3HardenedDllNotificationCallback: load 000007fefad40000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
20681a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
20691a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20701a48.3220: supR3HardenedDllNotificationCallback: load 0000000050a20000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
20711a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
20721a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
20731a48.3220: supR3HardenedDllNotificationCallback: load 0000000064530000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
20741a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
20751a48.3220: supR3HardenedDllNotificationCallback: load 000007feff050000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
20761a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
20771a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20781a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20791a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20801a48.3220: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
20811a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
20821a48.3220: supR3HardenedDllNotificationCallback: load 000007fef91d0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
20831a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
20841a48.3220: supR3HardenedDllNotificationCallback: load 000007fefdb70000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
20851a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
20861a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
20871a48.3220: supR3HardenedDllNotificationCallback: load 000007fefb9b0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
20881a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
20891a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
20901a48.3220: supR3HardenedDllNotificationCallback: load 000007fefa8d0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
20911a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
20921a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
20931a48.3220: supR3HardenedDllNotificationCallback: load 0000000050910000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
20941a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
20951a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
20961a48.3220: supR3HardenedDllNotificationCallback: load 0000000050830000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
20971a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
20981a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
20991a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
21001a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
21011a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
21021a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
21031a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21041a48.3220: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
21051a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
21061a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21121a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0570:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21131a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\imm32.dll'
21141a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feddba0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
21151a48.3220: SUPR3HardenedMain: Calling TrustedMain (000007feddba1ca0)...
21161a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
21171a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21181a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9b0000 'C:\Windows\system32\winmm.dll'
21191a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a0 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21201a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
21211a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
21221a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
21231a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
21241a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21251a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21261a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
21271a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
21281a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll)WinVerifyTrust
21291a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21301a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21311a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21341a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21351a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21361a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000536d00:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21371a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21381a48.3220: supR3HardenedDllNotificationCallback: load 000007fefb110000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
21391a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21401a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21411a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21421a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000536d00:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21431a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21441a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21451a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000005378b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21461a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21471a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21481a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000005378b0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21491a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21501a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
21511a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21521a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad40000 'C:\Windows\system32\dwmapi.dll'
21531a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
21541a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21551a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd00000 'C:\Windows\system32\CRYPTBASE.dll'
21561a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
21571a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21581a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb70000 'C:\Windows\system32\shell32.dll'
21591a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
21601a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21611a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077310000 'C:\Windows\system32\kernel32.dll'
21621a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21631a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21641a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21651a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21661a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21671a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21681a48.3220: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
21691a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21701a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
21711a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077430000 'C:\Windows\system32\user32.dll'
21721a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
21731a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21741a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb110000 'C:\Windows\system32\uxtheme.dll'
21751a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077430000 'C:\Windows\system32\user32.dll'
21761a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\advapi32.dll'
21771a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
21781a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21791a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'C:\Windows\system32\userenv.dll'
21801a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
21811a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21821a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077310000 'C:\Windows\system32\kernel32.dll'
21831a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f4 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
21841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
21851a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
21861a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
21871a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
21881a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21891a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21901a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
21911a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21921a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21931a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21941a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
21951a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll)WinVerifyTrust
21961a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
21971a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21981a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21991a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22001a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22011a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
22021a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22031a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22041a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22051a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22061a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22081a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
22091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22111a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
22121a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0180:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22131a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
22141a48.3220: supR3HardenedDllNotificationCallback: load 000007fefefb0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
22151a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
22161a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefb0000 'C:\Windows\system32\CLBCatQ.DLL'
22171a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
22181a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0720:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22191a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\ADVAPI32.dll'
22201a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
22211a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0840:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22221a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\CRYPTSP.dll'
22231a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000614 pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
22241a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
22251a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
22261a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
22271a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
22281a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22291a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
22301a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll)WinVerifyTrust
22311a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
22321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22341a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0840:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22351a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
22361a48.3220: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
22371a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
22381a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd10000 'C:\Windows\system32\RpcRtRemote.dll'
22391a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
22401a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000537960:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22411a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5c0000 'C:\Windows\system32\oleaut32.dll'
22421a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000634 pwszName=\Device\HarddiskVolume1\Windows\System32\sxs.dll
22431a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
22441a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
22451a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
22461a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\sxs.dll'
22471a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22481a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sxs.dll)WinVerifyTrust
22491a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sxs.dll
22501a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22511a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sxs.dll
22521a48.3220: supR3HardenedDllNotificationCallback: load 000007fefd160000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
22531a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sxs.dll
22541a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\SXS.DLL'
22551a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\ADVAPI32.dll'
22561a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
22571a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0b10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22581a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5c0000 'C:\Windows\system32\OLEAUT32.dll'
22591a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9d0000 'C:\Windows\system32\ADVAPI32.dll'
22601a48.3220: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
22611a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0e70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22621a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
22631a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\gdi32.dll'
22641a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22651a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22661a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22671a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22681a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
22691a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22701a48.2f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
22711a48.2f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
22721a48.2f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
22731a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22741a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22751a48.2f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
22761a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22771a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22781a48.2f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
22791a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22801a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22811a48.2f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
22821a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22831a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22841a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22851a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22861a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22871a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22881a48.2f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
22891a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22901a48.2f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22911a48.2f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b0dd60:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22921a48.2f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
22931a48.2f0: supR3HardenedDllNotificationCallback: load 000007fedeb40000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
22941a48.2f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
22951a48.2f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeb40000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
22961a48.39b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22971a48.39b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22981a48.39b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
22991a48.39b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
23001a48.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23011a48.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23021a48.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23031a48.39b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23041a48.39b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ab1a40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23051a48.39b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
23061a48.39b4: supR3HardenedDllNotificationCallback: load 000007fefb4a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
23071a48.39b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
23081a48.39b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4a0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
23091a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077430000 'C:\Windows\system32\user32.dll'
23101a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
23111a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0ba0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23121a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb70000 'C:\Windows\system32\shell32.dll'
23131a48.3220: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010c (<NULL>) on '\Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll'
23141a48.3220: supHardenedWinVerifyImageByHandle: -> -22919 (\Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll)WinVerifyTrust
23151a48.3220: Error (rc=0):
23161a48.3220: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll: WinVerifyTrust failed with hrc=Unknown Status 0x800B010C on '\Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll'
23171a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23181a48.3220: Error (rc=0):
23191a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
23201a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
23211a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23221a48.3220: Error (rc=0):
23231a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23241a48.3220: Error (rc=0):
23251a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
23261a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
23271a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23281a48.3220: Error (rc=0):
23291a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23301a48.3220: Error (rc=0):
23311a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
23321a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
23331a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
23341a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d0ba0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23351a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff240000 'C:\Windows\system32\ole32.dll'
23361a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
23371a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ab2190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23381a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff240000 'C:\Windows\system32\ole32.dll'
23391a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23401a48.3220: Error (rc=0):
23411a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23421a48.3220: Error (rc=0):
23431a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
23441a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
23451a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
23461a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000538a90:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23471a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff730000 'C:\Windows\system32\MSCTF.dll'
23481a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23491a48.3220: Error (rc=0):
23501a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23511a48.3220: Error (rc=0):
23521a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
23531a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
23541a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23551a48.3220: Error (rc=0):
23561a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
23571a48.3220: Error (rc=0):
23581a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
23591a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
23601a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff240000 'C:\Windows\system32\ole32.dll'
23611a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
23621a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002ab2190:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23631a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5c0000 'C:\Windows\system32\OLEAUT32.dll'
23641a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
23651a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
23661a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
23671a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D23EA973FAFAFAD87237AB3723340580276449F
23681a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
23691a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23701a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23711a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
23721a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
23731a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
23741a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wbemcomn2.dll'.
23751a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
23761a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
23771a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
23781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23801a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
23811a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
23821a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c0 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll
23831a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
23841a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
23851a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4FBA45F4BB79A35153BA469FD01507C644BE39AB
23861a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll'
23871a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23881a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23891a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
23901a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
23911a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
23921a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll)WinVerifyTrust
23931a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll
23941a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23951a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23961a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
23971a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23981a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23991a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24001a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24011a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24021a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24031a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24041a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24051a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
24061a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24071a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24081a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24091a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24101a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24111a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24121a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000888130:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24131a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
24141a48.3220: supR3HardenedDllNotificationCallback: load 000007fef9340000 LB 0x0000e000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
24151a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
24161a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll
24171a48.3220: supR3HardenedDllNotificationCallback: load 000007fef98a0000 LB 0x0007d000 C:\Windows\system32\wbemcomn2.dll [fFlags=0x0]
24181a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll
24191a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9340000 'C:\Windows\system32\wbem\wbemprox.dll'
24201a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f8 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
24211a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
24221a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
24231a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77AE9E0AB565BD4B55146072708C69CC76B02AEC
24241a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
24251a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24261a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24271a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
24281a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
24291a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
24301a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
24311a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24321a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24331a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24341a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24351a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24361a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24371a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000888130:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24381a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
24391a48.3220: supR3HardenedDllNotificationCallback: load 000007feedfd0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
24401a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
24411a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feedfd0000 'C:\Windows\system32\wbem\wbemsvc.dll'
24421a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a04 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
24431a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
24441a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
24451a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F312241187BEEDD628B7F991D95066A380534AC2
24461a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
24471a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24481a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24491a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
24501a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
24511a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wbemcomn2.dll'.
24521a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
24531a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ntdsapi.dll'.
24541a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
24551a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
24561a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
24571a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
24581a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009ec pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
24591a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008864a0
24601a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008864a0
24611a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
24621a48.3220: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
24631a48.3220: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24641a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24651a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
24661a48.3220: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
24671a48.3220: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll)WinVerifyTrust
24681a48.3220: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
24691a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24701a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24711a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
24721a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
24731a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn2.dll
24741a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24751a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24761a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24771a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24781a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24791a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24801a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24811a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24821a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
24831a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24841a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24851a48.3220: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
24861a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24871a48.3220: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24881a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000888130:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
24891a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
24901a48.3220: supR3HardenedDllNotificationCallback: load 000007fef9920000 LB 0x000d4000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
24911a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
24921a48.3220: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
24931a48.3220: supR3HardenedDllNotificationCallback: load 000007fef9830000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
24941a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
24951a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9920000 'C:\Windows\system32\wbem\fastprox.dll'
24961a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5c0000 'C:\Windows\system32\OLEAUT32.dll'
24971a48.3424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5c0000 'C:\Windows\system32\OLEAUT32.dll'
24981a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
24991a48.3220: Error (rc=0):
25001a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
25011a48.3220: Error (rc=0):
25021a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
25031a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
25041a48.3220: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [redir]
25051a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
25061a48.3220: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000002ab22b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
25071a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef91d0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'
25081a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
25091a48.3220: Error (rc=0):
25101a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
25111a48.3220: Error (rc=0):
25121a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
25131a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
25141a48.3220: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
25151a48.3220: Error (rc=0):
25161a48.3220: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume1\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
25171a48.3220: Error (rc=0):
25181a48.3220: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll' (C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll): rcNt=0xc0000190
25191a48.3220: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
25201a48.3b00: supR3HardenedDllNotificationCallback: Unload 000007fefb4a0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
25211a48.3220: supR3HardenedDllNotificationCallback: Unload 000007fef9920000 LB 0x000d4000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
25221a48.3220: supR3HardenedDllNotificationCallback: Unload 000007fef9830000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
25231a48.3220: supR3HardenedDllNotificationCallback: Unload 000007feedfd0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
25241a48.3220: supR3HardenedDllNotificationCallback: Unload 000007fef9340000 LB 0x0000e000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
25251a48.3220: supR3HardenedDllNotificationCallback: Unload 000007fef98a0000 LB 0x0007d000 C:\Windows\system32\wbemcomn2.dll [flags=0x0]
25261a48.3220: supR3HardenedDllNotificationCallback: Unload 000007fedeb40000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
25271a48.3220: Terminating the normal way: rcExit=0
25283570.35dc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5064 ms, the end);
2529680.12cc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 5750 ms, the end);
