Ticket #14774: VBoxHardening.2.log

File VBoxHardening.2.log, 330.3 KB (added by GoodGodd, 9 years ago)

Line
1	d88.d8c: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	d88.d8c: \SystemRoot\System32\ntdll.dll:
3	d88.d8c: CreationTime: 2015-06-30T18:24:53.606504900Z
4	d88.d8c: LastWriteTime: 2015-05-25T18:21:21.289963400Z
5	d88.d8c: ChangeTime: 2015-06-30T22:16:12.090281900Z
6	d88.d8c: FileAttributes: 0x20
7	d88.d8c: Size: 0x1a61c0
8	d88.d8c: NT Headers: 0xe0
9	d88.d8c: Timestamp: 0x556366f2
10	d88.d8c: Machine: 0x8664 - amd64
11	d88.d8c: Timestamp: 0x556366f2
12	d88.d8c: Image Version: 6.1
13	d88.d8c: SizeOfImage: 0x1a9000 (1740800)
14	d88.d8c: Resource Dir: 0x14d000 LB 0x5a028
15	d88.d8c: ProductName: Microsoft® Windows® Operating System
16	d88.d8c: ProductVersion: 6.1.7601.18869
17	d88.d8c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
18	d88.d8c: FileDescription: NT Layer DLL
19	d88.d8c: \SystemRoot\System32\kernel32.dll:
20	d88.d8c: CreationTime: 2015-06-30T18:24:53.107304100Z
21	d88.d8c: LastWriteTime: 2015-05-25T18:19:02.585000000Z
22	d88.d8c: ChangeTime: 2015-06-30T22:16:12.324282300Z
23	d88.d8c: FileAttributes: 0x20
24	d88.d8c: Size: 0x11be00
25	d88.d8c: NT Headers: 0xe8
26	d88.d8c: Timestamp: 0x556366fc
27	d88.d8c: Machine: 0x8664 - amd64
28	d88.d8c: Timestamp: 0x556366fc
29	d88.d8c: Image Version: 6.1
30	d88.d8c: SizeOfImage: 0x11f000 (1175552)
31	d88.d8c: Resource Dir: 0x116000 LB 0x528
32	d88.d8c: ProductName: Microsoft® Windows® Operating System
33	d88.d8c: ProductVersion: 6.1.7601.18869
34	d88.d8c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
35	d88.d8c: FileDescription: Windows NT BASE API Client DLL
36	d88.d8c: \SystemRoot\System32\KernelBase.dll:
37	d88.d8c: CreationTime: 2015-06-30T18:24:53.060504000Z
38	d88.d8c: LastWriteTime: 2015-05-25T18:19:02.585000000Z
39	d88.d8c: ChangeTime: 2015-06-30T22:16:12.324282300Z
40	d88.d8c: FileAttributes: 0x20
41	d88.d8c: Size: 0x67c00
42	d88.d8c: NT Headers: 0xe8
43	d88.d8c: Timestamp: 0x556366fd
44	d88.d8c: Machine: 0x8664 - amd64
45	d88.d8c: Timestamp: 0x556366fd
46	d88.d8c: Image Version: 6.1
47	d88.d8c: SizeOfImage: 0x6c000 (442368)
48	d88.d8c: Resource Dir: 0x6a000 LB 0x530
49	d88.d8c: ProductName: Microsoft® Windows® Operating System
50	d88.d8c: ProductVersion: 6.1.7601.18869
51	d88.d8c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
52	d88.d8c: FileDescription: Windows NT BASE API Client DLL
53	d88.d8c: \SystemRoot\System32\apisetschema.dll:
54	d88.d8c: CreationTime: 2015-06-30T18:24:52.124502300Z
55	d88.d8c: LastWriteTime: 2015-05-25T18:11:40.254000000Z
56	d88.d8c: ChangeTime: 2015-06-30T22:16:12.074681900Z
57	d88.d8c: FileAttributes: 0x20
58	d88.d8c: Size: 0x1a00
59	d88.d8c: NT Headers: 0xc0
60	d88.d8c: Timestamp: 0x55636622
61	d88.d8c: Machine: 0x8664 - amd64
62	d88.d8c: Timestamp: 0x55636622
63	d88.d8c: Image Version: 6.1
64	d88.d8c: SizeOfImage: 0x50000 (327680)
65	d88.d8c: Resource Dir: 0x30000 LB 0x3f8
66	d88.d8c: ProductName: Microsoft® Windows® Operating System
67	d88.d8c: ProductVersion: 6.1.7601.18869
68	d88.d8c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
69	d88.d8c: FileDescription: ApiSet Schema DLL
70	d88.d8c: supR3HardenedWinFindAdversaries: 0x80
71	d88.d8c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
72	d88.d8c: CreationTime: 2015-07-18T23:42:46.446818300Z
73	d88.d8c: LastWriteTime: 2015-07-27T17:41:10.541992700Z
74	d88.d8c: ChangeTime: 2015-07-27T17:41:10.541992700Z
75	d88.d8c: FileAttributes: 0x20
76	d88.d8c: Size: 0x1bcd8
77	d88.d8c: NT Headers: 0xe8
78	d88.d8c: Timestamp: 0x552c190f
79	d88.d8c: Machine: 0x8664 - amd64
80	d88.d8c: Timestamp: 0x552c190f
81	d88.d8c: Image Version: 6.1
82	d88.d8c: SizeOfImage: 0x21000 (135168)
83	d88.d8c: Resource Dir: 0x1f000 LB 0x3f0
84	d88.d8c: ProductName: Malwarebytes Anti-Malware
85	d88.d8c: ProductVersion: 0.2.22.0
86	d88.d8c: FileVersion: 0.2.22.0
87	d88.d8c: FileDescription: Malwarebytes Anti-Malware
88	d88.d8c: \SystemRoot\System32\drivers\mwac.sys:
89	d88.d8c: CreationTime: 2015-07-18T23:42:36.308030900Z
90	d88.d8c: LastWriteTime: 2015-06-18T08:48:04.000000000Z
91	d88.d8c: ChangeTime: 2015-07-18T23:43:21.166227100Z
92	d88.d8c: FileAttributes: 0x20
93	d88.d8c: Size: 0xf8d8
94	d88.d8c: NT Headers: 0xf8
95	d88.d8c: Timestamp: 0x53a0f42a
96	d88.d8c: Machine: 0x8664 - amd64
97	d88.d8c: Timestamp: 0x53a0f42a
98	d88.d8c: Image Version: 6.2
99	d88.d8c: SizeOfImage: 0x12000 (73728)
100	d88.d8c: Resource Dir: 0x10000 LB 0x3e0
101	d88.d8c: ProductName: Malwarebytes Web Access Control
102	d88.d8c: ProductVersion: 1.0.6.0
103	d88.d8c: FileVersion: 1.0.6.0
104	d88.d8c: FileDescription: Malwarebytes Web Access Control
105	d88.d8c: \SystemRoot\System32\drivers\mbamchameleon.sys:
106	d88.d8c: CreationTime: 2015-07-18T23:42:36.315031800Z
107	d88.d8c: LastWriteTime: 2015-06-18T08:47:54.000000000Z
108	d88.d8c: ChangeTime: 2015-07-18T23:43:21.178228700Z
109	d88.d8c: FileAttributes: 0x20
110	d88.d8c: Size: 0x1aad8
111	d88.d8c: NT Headers: 0xd8
112	d88.d8c: Timestamp: 0x554cf757
113	d88.d8c: Machine: 0x8664 - amd64
114	d88.d8c: Timestamp: 0x554cf757
115	d88.d8c: Image Version: 6.1
116	d88.d8c: SizeOfImage: 0x1e000 (122880)
117	d88.d8c: Resource Dir: 0x1c000 LB 0xbd8
118	d88.d8c: ProductName: Malwarebytes Chameleon
119	d88.d8c: ProductVersion: 1.1.20.0
120	d88.d8c: FileVersion: 1.1.20.0
121	d88.d8c: FileDescription: Malwarebytes Chameleon Protection Driver
122	d88.d8c: \SystemRoot\System32\drivers\mbam.sys:
123	d88.d8c: CreationTime: 2015-07-18T23:42:36.304030400Z
124	d88.d8c: LastWriteTime: 2015-06-18T08:47:50.000000000Z
125	d88.d8c: ChangeTime: 2015-07-18T23:43:21.159226300Z
126	d88.d8c: FileAttributes: 0x20
127	d88.d8c: Size: 0x64d8
128	d88.d8c: NT Headers: 0xd8
129	d88.d8c: Timestamp: 0x540754e1
130	d88.d8c: Machine: 0x8664 - amd64
131	d88.d8c: Timestamp: 0x540754e1
132	d88.d8c: Image Version: 6.1
133	d88.d8c: SizeOfImage: 0xa000 (40960)
134	d88.d8c: Resource Dir: 0x8000 LB 0x3d0
135	d88.d8c: ProductName: Malwarebytes Anti-Malware
136	d88.d8c: ProductVersion: 0.1.15.0
137	d88.d8c: FileVersion: 0.1.15.0
138	d88.d8c: FileDescription: Malwarebytes Anti-Malware
139	d88.d8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
140	d88.d8c: Calling main()
141	d88.d8c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
142	d88.d8c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
143	d88.d8c: SUPR3HardenedMain: Respawn #1
144	d88.d8c: System32: \Device\HarddiskVolume2\Windows\System32
145	d88.d8c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
146	d88.d8c: KnownDllPath: C:\Windows\system32
147	d88.d8c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
148	d88.d8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
149	d88.d8c: supR3HardNtEnableThreadCreation:
150	d88.d8c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007784b780 pvNtTerminateThread=000000007786e0e0
151	d88.d8c: supR3HardenedWinDoReSpawn(1): New child d90.d94 [kernel32].
152	d88.d8c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
153	d88.d8c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077820000 uNtDllChildAddr=0000000077820000
154	d88.d8c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007784b780
155	d88.d8c: supR3HardenedWinSetupChildInit: Start child.
156	d88.d8c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
157	d88.d8c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
158	d88.d8c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
159	d88.d8c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
160	d88.d8c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
161	d88.d8c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
162	d88.d8c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
163	d88.d8c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
164	d88.d8c: 0000000000041000-0000000000001fff 0x0001/0x0000 0x0000000
165	d88.d8c: *0000000000080000-fffffffffff83fff 0x0000/0x0004 0x0020000
166	d88.d8c: 000000000017c000-0000000000178fff 0x0104/0x0004 0x0020000
167	d88.d8c: 000000000017f000-000000000017dfff 0x0004/0x0004 0x0020000
168	d88.d8c: 0000000000180000-ffffffff88adffff 0x0001/0x0000 0x0000000
169	d88.d8c: *0000000077820000-0000000077820fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
170	d88.d8c: 0000000077821000-000000007791efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
171	d88.d8c: 000000007791f000-000000007794dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
172	d88.d8c: 000000007794e000-0000000077955fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
173	d88.d8c: 0000000077956000-0000000077956fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
174	d88.d8c: 0000000077957000-0000000077959fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
175	d88.d8c: 000000007795a000-00000000779c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
176	d88.d8c: 00000000779c9000-00000000703b1fff 0x0001/0x0000 0x0000000
177	d88.d8c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
178	d88.d8c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
179	d88.d8c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
180	d88.d8c: 000000007fff0000-ffffffffc045ffff 0x0001/0x0000 0x0000000
181	d88.d8c: *000000013fb80000-000000013fb80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
182	d88.d8c: 000000013fb81000-000000013fc07fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
183	d88.d8c: 000000013fc08000-000000013fc08fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
184	d88.d8c: 000000013fc09000-000000013fc53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
185	d88.d8c: 000000013fc54000-000000013fc54fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
186	d88.d8c: 000000013fc55000-000000013fc55fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
187	d88.d8c: 000000013fc56000-000000013fc5afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
188	d88.d8c: 000000013fc5b000-000000013fc5bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
189	d88.d8c: 000000013fc5c000-000000013fc5cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
190	d88.d8c: 000000013fc5d000-000000013fc60fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
191	d88.d8c: 000000013fc61000-000000013fcabfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
192	d88.d8c: 000000013fcac000-fffff8037fe17fff 0x0001/0x0000 0x0000000
193	d88.d8c: *000007feffb40000-000007feffb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
194	d88.d8c: 000007feffb41000-000007fdff6d1fff 0x0001/0x0000 0x0000000
195	d88.d8c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
196	d88.d8c: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
197	d88.d8c: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
198	d88.d8c: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
199	d88.d8c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
200	d88.d8c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
201	d88.d8c: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
202	d88.d8c: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
203	d88.d8c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
204	d88.d8c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
205	d88.d8c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
206	d88.d8c: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
207	d90.d94: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
208	d90.d94: supR3HardenedVmProcessInit: uNtDllAddr=0000000077820000
209	d90.d94: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
210	d90.d94: New simple heap: #1 0000000000280000 LB 0x400000 (for 1740800 allocation)
211	d88.d8c: supR3HardNtEnableThreadCreation:
212	d90.d94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
213	d90.d94: System32: \Device\HarddiskVolume2\Windows\System32
214	d90.d94: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
215	d90.d94: KnownDllPath: C:\Windows\system32
216	d90.d94: supR3HardenedVmProcessInit: Opening vboxdrv stub...
217	d90.d94: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
218	d90.d94: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
219	d90.d94: Registered Dll notification callback with NTDLL.
220	d90.d94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
221	d90.d94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
222	d90.d94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
223	d90.d94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
224	d90.d94: supR3HardenedDllNotificationCallback: load 0000000077700000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
225	d90.d94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
226	d90.d94: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
227	d90.d94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
228	d90.d94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
229	d90.d94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\kernel32.dll'
230	d90.d94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007784b780 pvNtTerminateThread=000000007786e0e0
231	d88.d8c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
232	d90.d94: \SystemRoot\System32\ntdll.dll:
233	d90.d94: CreationTime: 2015-06-30T18:24:53.606504900Z
234	d90.d94: LastWriteTime: 2015-05-25T18:21:21.289963400Z
235	d90.d94: ChangeTime: 2015-06-30T22:16:12.090281900Z
236	d90.d94: FileAttributes: 0x20
237	d90.d94: Size: 0x1a61c0
238	d90.d94: NT Headers: 0xe0
239	d90.d94: Timestamp: 0x556366f2
240	d90.d94: Machine: 0x8664 - amd64
241	d90.d94: Timestamp: 0x556366f2
242	d90.d94: Image Version: 6.1
243	d90.d94: SizeOfImage: 0x1a9000 (1740800)
244	d90.d94: Resource Dir: 0x14d000 LB 0x5a028
245	d90.d94: ProductName: Microsoft® Windows® Operating System
246	d90.d94: ProductVersion: 6.1.7601.18869
247	d90.d94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
248	d90.d94: FileDescription: NT Layer DLL
249	d90.d94: \SystemRoot\System32\kernel32.dll:
250	d90.d94: CreationTime: 2015-06-30T18:24:53.107304100Z
251	d90.d94: LastWriteTime: 2015-05-25T18:19:02.585000000Z
252	d90.d94: ChangeTime: 2015-06-30T22:16:12.324282300Z
253	d90.d94: FileAttributes: 0x20
254	d90.d94: Size: 0x11be00
255	d90.d94: NT Headers: 0xe8
256	d90.d94: Timestamp: 0x556366fc
257	d90.d94: Machine: 0x8664 - amd64
258	d90.d94: Timestamp: 0x556366fc
259	d90.d94: Image Version: 6.1
260	d90.d94: SizeOfImage: 0x11f000 (1175552)
261	d90.d94: Resource Dir: 0x116000 LB 0x528
262	d90.d94: ProductName: Microsoft® Windows® Operating System
263	d90.d94: ProductVersion: 6.1.7601.18869
264	d90.d94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
265	d90.d94: FileDescription: Windows NT BASE API Client DLL
266	d90.d94: \SystemRoot\System32\KernelBase.dll:
267	d90.d94: CreationTime: 2015-06-30T18:24:53.060504000Z
268	d90.d94: LastWriteTime: 2015-05-25T18:19:02.585000000Z
269	d90.d94: ChangeTime: 2015-06-30T22:16:12.324282300Z
270	d90.d94: FileAttributes: 0x20
271	d90.d94: Size: 0x67c00
272	d90.d94: NT Headers: 0xe8
273	d90.d94: Timestamp: 0x556366fd
274	d90.d94: Machine: 0x8664 - amd64
275	d90.d94: Timestamp: 0x556366fd
276	d90.d94: Image Version: 6.1
277	d90.d94: SizeOfImage: 0x6c000 (442368)
278	d90.d94: Resource Dir: 0x6a000 LB 0x530
279	d90.d94: ProductName: Microsoft® Windows® Operating System
280	d90.d94: ProductVersion: 6.1.7601.18869
281	d90.d94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
282	d90.d94: FileDescription: Windows NT BASE API Client DLL
283	d90.d94: \SystemRoot\System32\apisetschema.dll:
284	d90.d94: CreationTime: 2015-06-30T18:24:52.124502300Z
285	d90.d94: LastWriteTime: 2015-05-25T18:11:40.254000000Z
286	d90.d94: ChangeTime: 2015-06-30T22:16:12.074681900Z
287	d90.d94: FileAttributes: 0x20
288	d90.d94: Size: 0x1a00
289	d90.d94: NT Headers: 0xc0
290	d90.d94: Timestamp: 0x55636622
291	d90.d94: Machine: 0x8664 - amd64
292	d90.d94: Timestamp: 0x55636622
293	d90.d94: Image Version: 6.1
294	d90.d94: SizeOfImage: 0x50000 (327680)
295	d90.d94: Resource Dir: 0x30000 LB 0x3f8
296	d90.d94: ProductName: Microsoft® Windows® Operating System
297	d90.d94: ProductVersion: 6.1.7601.18869
298	d90.d94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
299	d90.d94: FileDescription: ApiSet Schema DLL
300	d90.d94: supR3HardenedWinFindAdversaries: 0x80
301	d90.d94: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
302	d90.d94: CreationTime: 2015-07-18T23:42:46.446818300Z
303	d90.d94: LastWriteTime: 2015-07-27T17:41:10.541992700Z
304	d90.d94: ChangeTime: 2015-07-27T17:41:10.541992700Z
305	d90.d94: FileAttributes: 0x20
306	d90.d94: Size: 0x1bcd8
307	d90.d94: NT Headers: 0xe8
308	d90.d94: Timestamp: 0x552c190f
309	d90.d94: Machine: 0x8664 - amd64
310	d90.d94: Timestamp: 0x552c190f
311	d90.d94: Image Version: 6.1
312	d90.d94: SizeOfImage: 0x21000 (135168)
313	d90.d94: Resource Dir: 0x1f000 LB 0x3f0
314	d90.d94: ProductName: Malwarebytes Anti-Malware
315	d90.d94: ProductVersion: 0.2.22.0
316	d90.d94: FileVersion: 0.2.22.0
317	d90.d94: FileDescription: Malwarebytes Anti-Malware
318	d90.d94: \SystemRoot\System32\drivers\mwac.sys:
319	d90.d94: CreationTime: 2015-07-18T23:42:36.308030900Z
320	d90.d94: LastWriteTime: 2015-06-18T08:48:04.000000000Z
321	d90.d94: ChangeTime: 2015-07-18T23:43:21.166227100Z
322	d90.d94: FileAttributes: 0x20
323	d90.d94: Size: 0xf8d8
324	d90.d94: NT Headers: 0xf8
325	d90.d94: Timestamp: 0x53a0f42a
326	d90.d94: Machine: 0x8664 - amd64
327	d90.d94: Timestamp: 0x53a0f42a
328	d90.d94: Image Version: 6.2
329	d90.d94: SizeOfImage: 0x12000 (73728)
330	d90.d94: Resource Dir: 0x10000 LB 0x3e0
331	d90.d94: ProductName: Malwarebytes Web Access Control
332	d90.d94: ProductVersion: 1.0.6.0
333	d90.d94: FileVersion: 1.0.6.0
334	d90.d94: FileDescription: Malwarebytes Web Access Control
335	d90.d94: \SystemRoot\System32\drivers\mbamchameleon.sys:
336	d90.d94: CreationTime: 2015-07-18T23:42:36.315031800Z
337	d90.d94: LastWriteTime: 2015-06-18T08:47:54.000000000Z
338	d90.d94: ChangeTime: 2015-07-18T23:43:21.178228700Z
339	d90.d94: FileAttributes: 0x20
340	d90.d94: Size: 0x1aad8
341	d90.d94: NT Headers: 0xd8
342	d90.d94: Timestamp: 0x554cf757
343	d90.d94: Machine: 0x8664 - amd64
344	d90.d94: Timestamp: 0x554cf757
345	d90.d94: Image Version: 6.1
346	d90.d94: SizeOfImage: 0x1e000 (122880)
347	d90.d94: Resource Dir: 0x1c000 LB 0xbd8
348	d90.d94: ProductName: Malwarebytes Chameleon
349	d90.d94: ProductVersion: 1.1.20.0
350	d90.d94: FileVersion: 1.1.20.0
351	d90.d94: FileDescription: Malwarebytes Chameleon Protection Driver
352	d90.d94: \SystemRoot\System32\drivers\mbam.sys:
353	d90.d94: CreationTime: 2015-07-18T23:42:36.304030400Z
354	d90.d94: LastWriteTime: 2015-06-18T08:47:50.000000000Z
355	d90.d94: ChangeTime: 2015-07-18T23:43:21.159226300Z
356	d90.d94: FileAttributes: 0x20
357	d90.d94: Size: 0x64d8
358	d90.d94: NT Headers: 0xd8
359	d90.d94: Timestamp: 0x540754e1
360	d90.d94: Machine: 0x8664 - amd64
361	d90.d94: Timestamp: 0x540754e1
362	d90.d94: Image Version: 6.1
363	d90.d94: SizeOfImage: 0xa000 (40960)
364	d90.d94: Resource Dir: 0x8000 LB 0x3d0
365	d90.d94: ProductName: Malwarebytes Anti-Malware
366	d90.d94: ProductVersion: 0.1.15.0
367	d90.d94: FileVersion: 0.1.15.0
368	d90.d94: FileDescription: Malwarebytes Anti-Malware
369	d90.d94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
370	d90.d94: Calling main()
371	d90.d94: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
372	d90.d94: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
373	d90.d94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
374	d90.d94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
375	d90.d94: SUPR3HardenedMain: Respawn #2
376	d90.d94: supR3HardNtEnableThreadCreation:
377	d90.d94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
378	d90.d94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
379	d90.d94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
380	d90.d94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
381	d90.d94: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
382	d90.d94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
383	d90.d94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3d0000 'C:\Windows\system32\apphelp.dll'
384	d90.d94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007784b780 pvNtTerminateThread=000000007786e0e0
385	d90.d94: supR3HardenedWinDoReSpawn(2): New child d98.d9c [kernel32].
386	d90.d94: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
387	d90.d94: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077820000 uNtDllChildAddr=0000000077820000
388	d90.d94: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007784b780
389	d90.d94: supR3HardenedWinSetupChildInit: Start child.
390	d90.d94: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
391	d90.d94: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
392	d90.d94: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
393	d90.d94: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
394	d90.d94: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
395	d90.d94: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
396	d90.d94: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
397	d90.d94: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
398	d90.d94: 0000000000041000-ffffffffffef1fff 0x0001/0x0000 0x0000000
399	d90.d94: *0000000000190000-0000000000093fff 0x0000/0x0004 0x0020000
400	d90.d94: 000000000028c000-0000000000288fff 0x0104/0x0004 0x0020000
401	d90.d94: 000000000028f000-000000000028dfff 0x0004/0x0004 0x0020000
402	d90.d94: 0000000000290000-ffffffff88cfffff 0x0001/0x0000 0x0000000
403	d90.d94: *0000000077820000-0000000077820fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
404	d90.d94: 0000000077821000-000000007791efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
405	d90.d94: 000000007791f000-000000007794dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
406	d90.d94: 000000007794e000-0000000077955fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
407	d90.d94: 0000000077956000-0000000077956fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
408	d90.d94: 0000000077957000-0000000077959fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
409	d90.d94: 000000007795a000-00000000779c8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
410	d90.d94: 00000000779c9000-00000000703b1fff 0x0001/0x0000 0x0000000
411	d90.d94: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
412	d90.d94: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
413	d90.d94: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
414	d90.d94: 000000007fff0000-ffffffffc045ffff 0x0001/0x0000 0x0000000
415	d90.d94: *000000013fb80000-000000013fb80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
416	d90.d94: 000000013fb81000-000000013fc07fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
417	d90.d94: 000000013fc08000-000000013fc08fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
418	d90.d94: 000000013fc09000-000000013fc53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
419	d90.d94: 000000013fc54000-000000013fc54fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
420	d90.d94: 000000013fc55000-000000013fc55fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
421	d90.d94: 000000013fc56000-000000013fc5afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
422	d90.d94: 000000013fc5b000-000000013fc5bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
423	d90.d94: 000000013fc5c000-000000013fc5cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
424	d90.d94: 000000013fc5d000-000000013fc60fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
425	d90.d94: 000000013fc61000-000000013fcabfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
426	d90.d94: 000000013fcac000-fffff8037fe17fff 0x0001/0x0000 0x0000000
427	d90.d94: *000007feffb40000-000007feffb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
428	d90.d94: 000007feffb41000-000007fdff6d1fff 0x0001/0x0000 0x0000000
429	d90.d94: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
430	d90.d94: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
431	d90.d94: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
432	d90.d94: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
433	d90.d94: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
434	d90.d94: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
435	d90.d94: VirtualBox.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS)
436	d90.d94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
437	d90.d94: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
438	d90.d94: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
439	d90.d94: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
440	d98.d9c: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
441	d98.d9c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077820000
442	d98.d9c: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
443	d98.d9c: New simple heap: #1 0000000000290000 LB 0x400000 (for 1740800 allocation)
444	d90.d94: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
445	d90.d94: supR3HardNtEnableThreadCreation:
446	d98.d9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
447	d98.d9c: System32: \Device\HarddiskVolume2\Windows\System32
448	d98.d9c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
449	d98.d9c: KnownDllPath: C:\Windows\system32
450	d98.d9c: supR3HardenedVmProcessInit: Opening vboxdrv...
451	d98.d9c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
452	d98.d9c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
453	d98.d9c: Registered Dll notification callback with NTDLL.
454	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
455	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
456	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
457	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
458	d98.d9c: supR3HardenedDllNotificationCallback: load 0000000077700000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
459	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
460	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
461	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
462	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
463	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\kernel32.dll'
464	d98.d9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007784b780 pvNtTerminateThread=000000007786e0e0
465	d90.d94: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 32 ms.
466	d98.d9c: \SystemRoot\System32\ntdll.dll:
467	d98.d9c: CreationTime: 2015-06-30T18:24:53.606504900Z
468	d98.d9c: LastWriteTime: 2015-05-25T18:21:21.289963400Z
469	d98.d9c: ChangeTime: 2015-06-30T22:16:12.090281900Z
470	d98.d9c: FileAttributes: 0x20
471	d98.d9c: Size: 0x1a61c0
472	d98.d9c: NT Headers: 0xe0
473	d98.d9c: Timestamp: 0x556366f2
474	d98.d9c: Machine: 0x8664 - amd64
475	d98.d9c: Timestamp: 0x556366f2
476	d98.d9c: Image Version: 6.1
477	d98.d9c: SizeOfImage: 0x1a9000 (1740800)
478	d98.d9c: Resource Dir: 0x14d000 LB 0x5a028
479	d98.d9c: ProductName: Microsoft® Windows® Operating System
480	d98.d9c: ProductVersion: 6.1.7601.18869
481	d98.d9c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
482	d98.d9c: FileDescription: NT Layer DLL
483	d98.d9c: \SystemRoot\System32\kernel32.dll:
484	d98.d9c: CreationTime: 2015-06-30T18:24:53.107304100Z
485	d98.d9c: LastWriteTime: 2015-05-25T18:19:02.585000000Z
486	d98.d9c: ChangeTime: 2015-06-30T22:16:12.324282300Z
487	d98.d9c: FileAttributes: 0x20
488	d98.d9c: Size: 0x11be00
489	d98.d9c: NT Headers: 0xe8
490	d98.d9c: Timestamp: 0x556366fc
491	d98.d9c: Machine: 0x8664 - amd64
492	d98.d9c: Timestamp: 0x556366fc
493	d98.d9c: Image Version: 6.1
494	d98.d9c: SizeOfImage: 0x11f000 (1175552)
495	d98.d9c: Resource Dir: 0x116000 LB 0x528
496	d98.d9c: ProductName: Microsoft® Windows® Operating System
497	d98.d9c: ProductVersion: 6.1.7601.18869
498	d98.d9c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
499	d98.d9c: FileDescription: Windows NT BASE API Client DLL
500	d98.d9c: \SystemRoot\System32\KernelBase.dll:
501	d98.d9c: CreationTime: 2015-06-30T18:24:53.060504000Z
502	d98.d9c: LastWriteTime: 2015-05-25T18:19:02.585000000Z
503	d98.d9c: ChangeTime: 2015-06-30T22:16:12.324282300Z
504	d98.d9c: FileAttributes: 0x20
505	d98.d9c: Size: 0x67c00
506	d98.d9c: NT Headers: 0xe8
507	d98.d9c: Timestamp: 0x556366fd
508	d98.d9c: Machine: 0x8664 - amd64
509	d98.d9c: Timestamp: 0x556366fd
510	d98.d9c: Image Version: 6.1
511	d98.d9c: SizeOfImage: 0x6c000 (442368)
512	d98.d9c: Resource Dir: 0x6a000 LB 0x530
513	d98.d9c: ProductName: Microsoft® Windows® Operating System
514	d98.d9c: ProductVersion: 6.1.7601.18869
515	d98.d9c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
516	d98.d9c: FileDescription: Windows NT BASE API Client DLL
517	d98.d9c: \SystemRoot\System32\apisetschema.dll:
518	d98.d9c: CreationTime: 2015-06-30T18:24:52.124502300Z
519	d98.d9c: LastWriteTime: 2015-05-25T18:11:40.254000000Z
520	d98.d9c: ChangeTime: 2015-06-30T22:16:12.074681900Z
521	d98.d9c: FileAttributes: 0x20
522	d98.d9c: Size: 0x1a00
523	d98.d9c: NT Headers: 0xc0
524	d98.d9c: Timestamp: 0x55636622
525	d98.d9c: Machine: 0x8664 - amd64
526	d98.d9c: Timestamp: 0x55636622
527	d98.d9c: Image Version: 6.1
528	d98.d9c: SizeOfImage: 0x50000 (327680)
529	d98.d9c: Resource Dir: 0x30000 LB 0x3f8
530	d98.d9c: ProductName: Microsoft® Windows® Operating System
531	d98.d9c: ProductVersion: 6.1.7601.18869
532	d98.d9c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
533	d98.d9c: FileDescription: ApiSet Schema DLL
534	d98.d9c: supR3HardenedWinFindAdversaries: 0x80
535	d98.d9c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
536	d98.d9c: CreationTime: 2015-07-18T23:42:46.446818300Z
537	d98.d9c: LastWriteTime: 2015-07-27T17:41:10.541992700Z
538	d98.d9c: ChangeTime: 2015-07-27T17:41:10.541992700Z
539	d98.d9c: FileAttributes: 0x20
540	d98.d9c: Size: 0x1bcd8
541	d98.d9c: NT Headers: 0xe8
542	d98.d9c: Timestamp: 0x552c190f
543	d98.d9c: Machine: 0x8664 - amd64
544	d98.d9c: Timestamp: 0x552c190f
545	d98.d9c: Image Version: 6.1
546	d98.d9c: SizeOfImage: 0x21000 (135168)
547	d98.d9c: Resource Dir: 0x1f000 LB 0x3f0
548	d98.d9c: ProductName: Malwarebytes Anti-Malware
549	d98.d9c: ProductVersion: 0.2.22.0
550	d98.d9c: FileVersion: 0.2.22.0
551	d98.d9c: FileDescription: Malwarebytes Anti-Malware
552	d98.d9c: \SystemRoot\System32\drivers\mwac.sys:
553	d98.d9c: CreationTime: 2015-07-18T23:42:36.308030900Z
554	d98.d9c: LastWriteTime: 2015-06-18T08:48:04.000000000Z
555	d98.d9c: ChangeTime: 2015-07-18T23:43:21.166227100Z
556	d98.d9c: FileAttributes: 0x20
557	d98.d9c: Size: 0xf8d8
558	d98.d9c: NT Headers: 0xf8
559	d98.d9c: Timestamp: 0x53a0f42a
560	d98.d9c: Machine: 0x8664 - amd64
561	d98.d9c: Timestamp: 0x53a0f42a
562	d98.d9c: Image Version: 6.2
563	d98.d9c: SizeOfImage: 0x12000 (73728)
564	d98.d9c: Resource Dir: 0x10000 LB 0x3e0
565	d98.d9c: ProductName: Malwarebytes Web Access Control
566	d98.d9c: ProductVersion: 1.0.6.0
567	d98.d9c: FileVersion: 1.0.6.0
568	d98.d9c: FileDescription: Malwarebytes Web Access Control
569	d98.d9c: \SystemRoot\System32\drivers\mbamchameleon.sys:
570	d98.d9c: CreationTime: 2015-07-18T23:42:36.315031800Z
571	d98.d9c: LastWriteTime: 2015-06-18T08:47:54.000000000Z
572	d98.d9c: ChangeTime: 2015-07-18T23:43:21.178228700Z
573	d98.d9c: FileAttributes: 0x20
574	d98.d9c: Size: 0x1aad8
575	d98.d9c: NT Headers: 0xd8
576	d98.d9c: Timestamp: 0x554cf757
577	d98.d9c: Machine: 0x8664 - amd64
578	d98.d9c: Timestamp: 0x554cf757
579	d98.d9c: Image Version: 6.1
580	d98.d9c: SizeOfImage: 0x1e000 (122880)
581	d98.d9c: Resource Dir: 0x1c000 LB 0xbd8
582	d98.d9c: ProductName: Malwarebytes Chameleon
583	d98.d9c: ProductVersion: 1.1.20.0
584	d98.d9c: FileVersion: 1.1.20.0
585	d98.d9c: FileDescription: Malwarebytes Chameleon Protection Driver
586	d98.d9c: \SystemRoot\System32\drivers\mbam.sys:
587	d98.d9c: CreationTime: 2015-07-18T23:42:36.304030400Z
588	d98.d9c: LastWriteTime: 2015-06-18T08:47:50.000000000Z
589	d98.d9c: ChangeTime: 2015-07-18T23:43:21.159226300Z
590	d98.d9c: FileAttributes: 0x20
591	d98.d9c: Size: 0x64d8
592	d98.d9c: NT Headers: 0xd8
593	d98.d9c: Timestamp: 0x540754e1
594	d98.d9c: Machine: 0x8664 - amd64
595	d98.d9c: Timestamp: 0x540754e1
596	d98.d9c: Image Version: 6.1
597	d98.d9c: SizeOfImage: 0xa000 (40960)
598	d98.d9c: Resource Dir: 0x8000 LB 0x3d0
599	d98.d9c: ProductName: Malwarebytes Anti-Malware
600	d98.d9c: ProductVersion: 0.1.15.0
601	d98.d9c: FileVersion: 0.1.15.0
602	d98.d9c: FileDescription: Malwarebytes Anti-Malware
603	d98.d9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
604	d98.d9c: Calling main()
605	d98.d9c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
606	d98.d9c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
607	d98.d9c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
608	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
609	d98.d9c: SUPR3HardenedMain: Final process, opening VBoxDrv...
610	d98.d9c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
611	d98.d9c: supR3HardNtEnableThreadCreation:
612	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
613	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
614	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000693bf0:C:\Windows\system32 [calling]
615	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
616	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefaee0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
617	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
618	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
619	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
620	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaee0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
621	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
622	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
623	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaee0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
624	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaee0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
625	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
626	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
627	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
628	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
629	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
630	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
631	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
632	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
633	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
634	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
635	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
636	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
637	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
638	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
639	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
640	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
641	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
642	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
643	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
644	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
645	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
646	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
647	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
648	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
649	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
650	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
651	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
652	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
653	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
654	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
655	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000693bf0:C:\Windows\system32 [calling]
656	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
657	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd7b0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
658	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
659	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefe400000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
660	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
661	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd7f0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
662	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
663	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd5d0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
664	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
665	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff250000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
666	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
667	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\Windows\system32\Wintrust.dll'
668	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
669	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
670	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006d8e20:C:\Windows\system32 [calling]
671	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
672	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefcf20000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
673	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
674	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\bcrypt.dll'
675	d98.d9c: bcrypt.dll loaded at 000007fefcf20000, BCryptOpenAlgorithmProvider at 000007fefcf22640, preloading providers:
676	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
677	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
678	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
679	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
680	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
681	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
682	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
683	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
684	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
685	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
686	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
687	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
688	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
689	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
690	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
691	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
692	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
693	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
694	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
695	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
696	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
697	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefca10000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
698	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
699	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefe320000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
700	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
701	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
702	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
703	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
704	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
705	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff230000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
706	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
707	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca10000 'C:\Windows\system32\bcryptprimitives.dll'
708	d98.d9c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000006da500)
709	d98.d9c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000006dd3c0)
710	d98.d9c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000006dd4e0)
711	d98.d9c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000006dd6f0)
712	d98.d9c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000006dd810)
713	d98.d9c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000006dd930)
714	d98.d9c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000006ddb70)
715	d98.d9c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000006ddc90)
716	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
717	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
718	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
719	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
720	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
721	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
722	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
723	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
724	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
725	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
726	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
727	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
728	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTSP.dll'
729	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
730	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
731	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
732	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
733	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
734	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
735	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
736	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
737	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefcad0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
738	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
739	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcad0000 'C:\Windows\system32\rsaenh.dll'
740	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
741	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
742	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\ADVAPI32.dll'
743	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
744	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
745	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
746	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
747	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd470000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
748	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
749	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTBASE.dll'
750	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
751	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
752	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\kernel32.dll'
753	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
754	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
755	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\Windows\system32\WINTRUST.DLL'
756	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
757	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
758	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPT32.dll'
759	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
760	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
761	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
762	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
763	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
764	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
765	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
766	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
767	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
768	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
769	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
770	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
771	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
772	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
773	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\imagehlp.dll'
774	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
775	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
776	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTSP.dll'
777	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
778	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
779	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
780	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
781	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
782	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
783	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
784	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
785	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
786	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
787	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
788	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
789	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
790	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
791	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
792	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
793	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
794	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
795	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
796	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
797	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
798	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
799	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
800	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
801	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
802	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
803	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
804	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
805	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
806	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
807	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
808	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
809	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
810	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
811	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
812	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
813	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
814	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
815	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
816	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
817	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
818	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
819	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
820	d98.d9c: supR3HardenedDllNotificationCallback: load 0000000077600000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
821	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
822	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feffac0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
823	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
824	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff8d0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
825	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
826	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
827	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
828	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
829	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
830	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffac0000 'C:\Windows\system32\gdi32.dll'
831	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
832	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
833	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
834	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
835	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
836	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
837	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
838	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
839	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
840	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
841	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
842	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
843	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
844	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
845	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
846	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
847	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
848	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
849	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
850	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
851	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
852	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
853	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
854	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
855	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
856	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
857	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
858	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
859	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
860	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
861	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
862	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
863	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
864	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff380000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
865	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
866	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefda80000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
867	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
868	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff380000 'C:\Windows\system32\IMM32.DLL'
869	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077600000 'C:\Windows\system32\USER32.dll'
870	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
871	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
872	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
873	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
874	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
875	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
876	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
877	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
878	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
879	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
880	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
881	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
882	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
883	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
884	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
885	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
886	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefcf50000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
887	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
888	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\ncrypt.dll'
889	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
890	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
891	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\bcrypt.dll'
892	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
893	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
894	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
895	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
896	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
897	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
898	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
899	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
900	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
901	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
902	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
903	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
904	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
905	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
906	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
907	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
908	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
909	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
910	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
911	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
912	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
913	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
914	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
915	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd5e0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
916	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
917	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\USERENV.dll'
918	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
919	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
920	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
921	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
922	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
923	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
924	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
925	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
926	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
927	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
928	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
929	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
930	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
931	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
932	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
933	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
934	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefc890000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
935	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
936	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc890000 'C:\Windows\system32\GPAPI.dll'
937	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
938	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-WIN-Service-Management-L1-1-0.dll'
939	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
940	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
941	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff250000 'C:\Windows\system32\rpcrt4.dll'
942	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
943	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-WIN-Service-Management-L2-1-0.dll'
944	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
945	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
946	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
947	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
948	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
949	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
950	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
951	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
952	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
953	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
954	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
955	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
956	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
957	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
958	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
959	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
960	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
961	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
962	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
963	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
964	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
965	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
966	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
967	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
968	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
969	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
970	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
971	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefa110000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
972	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
973	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff4e0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
974	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
975	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
976	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
977	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
978	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
979	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
980	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
981	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
982	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
983	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
984	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
985	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
986	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
987	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
988	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
989	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
990	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
991	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
992	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
993	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
994	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
995	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
996	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
997	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
998	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
999	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1000	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
1001	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1002	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
1003	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
1004	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1005	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa110000 'C:\Windows\system32\cryptnet.dll'
1006	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1007	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1008	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1009	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1010	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\profapi.dll'
1011	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1012	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1013	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1014	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1015	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1016	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1017	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1018	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1019	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1020	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1021	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1022	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1023	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1024	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1025	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1026	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1027	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff3b0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1028	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1029	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3b0000 'C:\Windows\system32\SHLWAPI.dll'
1030	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1031	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000006de810
1032	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1033	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EDC3F71C5551972E1510D1BCC6D436D5B6B426E8
1034	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1035	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1036	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1037	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1038	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1039	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1040	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1041	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1042	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\ADVAPI32.dll'
1043	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1044	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1045	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1046	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1047	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
1048	d98.d9c: g_pfnWinVerifyTrust=000007fefd7b1010
1049	d98.d9c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1050	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1051	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1052	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1053	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
1054	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1055	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1056	d98.d9c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1057	d98.d9c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1058	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1059	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1060	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1061	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
1062	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1063	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1064	d98.d9c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1065	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1066	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1067	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1068	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1069	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1070	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1071	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1072	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1073	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1074	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1075	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1076	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1077	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1078	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1079	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1080	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1081	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1082	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
1083	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1084	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1085	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1086	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1087	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1088	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1089	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1090	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1091	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1092	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1093	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1094	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1095	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1096	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1097	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1098	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1099	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1100	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1101	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1102	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1103	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1104	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1105	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1106	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1107	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1108	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1109	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1110	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B24A74F7868A1824679A2006F7E6D98D206BCD0A
1111	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1112	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1113	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1114	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1115	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1116	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1117	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1118	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1119	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1120	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1121	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1122	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1123	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1124	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1125	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1126	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1127	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1128	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1129	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1130	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1131	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1132	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1133	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1134	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1135	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1136	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1137	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1138	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9BD2F77F6F16827206A18B4C9CB5FCFA62A60CF
1139	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1140	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1141	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1142	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1143	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1144	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1145	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1707E74860DCBF0241835EF4A1E7C39B40ED3ACA
1146	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3046306~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1147	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1148	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1149	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1150	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1151	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1152	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1153	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1154	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1155	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1156	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1157	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1158	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1159	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1160	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1161	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1162	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1163	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1164	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1165	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1166	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1167	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1168	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1169	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1170	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1171	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1172	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1173	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1174	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1175	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1176	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1177	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1178	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1179	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1180	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1181	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1182	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1183	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1184	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1185	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1186	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1187	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1188	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BBB1FC4DED54F17702B287B63F8FE24EE5D7844
1189	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1190	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1191	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1192	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1193	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1194	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1195	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1196	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1197	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1198	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1199	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1200	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1201	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1202	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1203	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1204	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1205	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1206	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1207	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1208	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1209	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1210	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1211	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1212	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1213	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1214	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1215	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1216	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1217	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1218	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1219	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1220	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1221	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1222	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1223	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1224	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1225	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FD34F960ED54F1FB26E76A32FB91273E3093869E
1226	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1227	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1228	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1229	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1230	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1231	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1232	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C47BBB61CB0D4D781B3BEC602422D40A0784762
1233	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1234	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1235	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1236	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1237	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000749540:C:\Windows\system32 [calling]
1238	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\crypt32.dll'
1239	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1240	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1241	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1242	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1243	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1244	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1245	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1246	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1247	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1248	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1249	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1250	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1251	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1252	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1253	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1254	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1255	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1256	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1257	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1258	d98.d9c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1259	d98.d9c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=20
1260	d98.d9c: SUPR3HardenedMain: Load Runtime...
1261	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1262	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1263	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1264	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1265	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1266	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1267	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1268	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1269	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1270	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1271	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1272	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1273	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1274	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1275	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1276	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1277	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1278	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1279	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1280	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1281	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1282	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1283	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1284	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1285	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1286	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1287	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1288	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1289	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1290	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1291	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1292	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1293	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1294	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1295	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1296	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1297	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1298	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1299	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1300	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1301	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1302	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1303	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1304	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1305	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1306	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1307	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1308	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1309	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1310	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1311	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1312	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1313	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef40b0000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1314	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1315	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1316	d98.d9c: supR3HardenedDllNotificationCallback: load 0000000075080000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1317	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1318	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1319	d98.d9c: supR3HardenedDllNotificationCallback: load 0000000074fe0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1320	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1321	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefe250000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1322	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1323	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff4d0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1324	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1325	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1326	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1327	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1328	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1329	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1330	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1331	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1332	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1333	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1334	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1335	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1336	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1337	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1338	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1339	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1340	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1341	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1342	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1343	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1344	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1345	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1346	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1347	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1348	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1349	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1350	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1351	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1352	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1353	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1354	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1355	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1356	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1357	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1359	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1360	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1362	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1363	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1364	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1365	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1366	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1367	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1368	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1369	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000694020:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1370	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1371	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1373	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef40b0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1374	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1375	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000749900:C:\Windows\system32 [calling]
1376	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\Windows\system32\Wintrust.dll'
1377	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1378	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000749900:C:\Windows\system32 [calling]
1379	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\crypt32.dll'
1380	d98.d9c: SUPR3HardenedMain: Load TrustedMain...
1381	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1382	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1383	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1384	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1385	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1386	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1387	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
1388	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1389	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1390	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
1391	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
1392	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
1393	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
1394	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
1395	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1396	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1397	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1398	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1399	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1400	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1401	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1402	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1403	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1404	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1405	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1406	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1407	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1408	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1409	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1410	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1411	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1412	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1413	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1414	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1415	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1416	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1417	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1418	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1419	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1420	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1421	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1422	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1423	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1424	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1425	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1426	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1427	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1428	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1429	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1430	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1431	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1432	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1433	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1434	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1435	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1436	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1437	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1438	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1439	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1440	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1441	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1442	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1443	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1444	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1445	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1446	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1447	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1448	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1449	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1450	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1451	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1452	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1453	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1454	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1455	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1456	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1457	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1458	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1459	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1460	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
1461	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1462	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1463	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1464	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1465	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1466	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1467	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1468	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1469	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1470	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1471	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1472	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1473	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1474	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1475	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1476	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1477	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1478	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1479	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1480	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1481	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1482	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1483	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1484	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1485	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1486	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1487	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1488	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1489	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1490	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1491	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1492	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1493	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1494	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1495	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1496	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1497	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1498	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1499	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1500	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1501	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1502	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1503	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1504	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1505	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1506	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1507	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1508	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1509	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1510	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1511	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1512	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1513	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1514	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1515	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1516	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1517	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1518	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1519	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1520	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1521	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1522	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1523	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1524	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1525	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1526	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1527	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1528	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1529	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1530	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1531	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1532	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1533	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1534	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1535	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1536	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1537	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1538	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1539	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1540	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1541	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1542	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1543	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1544	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1545	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1546	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1547	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1548	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1549	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1550	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1551	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1552	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1553	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1554	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1555	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1556	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1557	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1558	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1559	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1560	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1561	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1562	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1563	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1564	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1565	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1566	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1567	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1568	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1569	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1570	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1571	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1572	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1573	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1574	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1575	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1576	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1577	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1578	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1579	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1580	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1581	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1582	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1583	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1584	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1585	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1586	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1587	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1588	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1589	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1590	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1591	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1592	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1593	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1594	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1595	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1596	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1597	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1598	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1599	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1600	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1601	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1602	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1603	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1604	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1605	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1606	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1607	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1608	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1609	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1610	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1611	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1612	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1613	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1614	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1615	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1616	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1617	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1618	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1619	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1620	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1621	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1622	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1623	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1624	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1625	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1626	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1627	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1628	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1629	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1630	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1631	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1632	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1633	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1634	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1635	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1636	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1637	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1638	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1639	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1640	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1641	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1642	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1643	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1644	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1645	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1646	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1647	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1648	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1649	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1650	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1651	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1652	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1653	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1654	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1655	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1656	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1657	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1658	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1659	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1660	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1661	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1662	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1663	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1664	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1665	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1666	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1667	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1668	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1669	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1670	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1671	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1672	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1673	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1674	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1675	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1676	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1677	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1678	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1679	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1680	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1681	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1682	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1683	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1684	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1685	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1686	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1687	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1688	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1689	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1690	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1691	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1692	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1693	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1694	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1695	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1696	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1697	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1698	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1699	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1700	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1701	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1702	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1703	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1704	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1705	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1706	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1707	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1708	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1709	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1710	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1711	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1712	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1713	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1714	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1715	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1716	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1717	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1718	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1719	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1720	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1721	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1722	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1723	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1724	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1725	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1726	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1727	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1728	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1729	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1730	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1731	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1732	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1733	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1734	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1735	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1736	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1737	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1738	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C408F88301F22BE596490B4A80BD2E09034763B4
1739	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3048761~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1740	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1741	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1742	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1743	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1744	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1745	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1746	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1747	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1748	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1749	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1750	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1751	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1752	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1753	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1754	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1755	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1756	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1757	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1758	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1759	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1760	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1761	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1762	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1763	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1764	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1765	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1766	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1767	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1768	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1769	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1770	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C17410BD716DCF557221B982F7A015B5B6AC2B4
1771	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1772	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1773	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1774	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1775	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1776	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1777	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1778	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1779	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1780	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1781	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1782	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1783	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1784	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1785	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1786	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1787	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1788	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1789	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1790	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1791	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1792	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1793	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1794	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1795	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1796	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1797	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1798	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1799	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1800	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1801	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1802	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1803	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1804	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1805	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1806	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1807	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1808	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1809	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1810	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1811	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1812	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1813	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1814	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1815	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1816	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1817	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1818	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1819	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1820	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1821	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1822	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1823	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1824	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1825	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1826	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1827	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1828	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1829	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1830	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1831	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1832	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1833	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1834	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1835	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1836	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1837	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1838	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1839	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1840	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1841	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1842	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1843	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef2850000 LB 0x00abb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1844	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1845	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1846	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef3f90000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1847	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1848	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1849	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef4680000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1850	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1851	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1852	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef3e90000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1853	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1854	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1855	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef4e40000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1856	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1857	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff8e0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1858	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1859	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1860	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1861	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff540000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1862	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1863	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff6c0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1864	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1865	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd6e0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1866	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1867	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1868	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefba20000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1869	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1870	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1871	d98.d9c: supR3HardenedDllNotificationCallback: load 0000000074d00000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1872	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1873	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1874	d98.d9c: supR3HardenedDllNotificationCallback: load 0000000074390000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1875	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1876	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff620000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1877	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1878	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1879	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1880	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1881	d98.d9c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1882	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1883	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef8140000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1884	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1885	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefe4a0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1886	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1887	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1888	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefb6b0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1889	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1890	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1891	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef8480000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1892	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1893	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1894	d98.d9c: supR3HardenedDllNotificationCallback: load 00000000742b0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1895	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1896	d98.d9c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1897	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1898	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1899	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1900	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1901	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1902	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1903	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1904	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1905	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704b40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1906	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff380000 'C:\Windows\system32\imm32.dll'
1907	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2850000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1908	d98.d9c: SUPR3HardenedMain: Calling TrustedMain (000007fef28510d0)...
1909	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1910	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1911	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'C:\Windows\system32\winmm.dll'
1912	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000584 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1913	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1914	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1915	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1916	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1917	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1918	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1919	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1920	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1921	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1922	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1923	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1924	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1925	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1926	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1927	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1928	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1929	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000292c740:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1930	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1931	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefbe50000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1932	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1933	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
1934	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1935	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000292c740:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1936	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
1937	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1938	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000292d450:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1939	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
1940	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1941	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000292d450:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1942	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
1943	d98.d9c: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
1944	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
1945	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
1946	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1947	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1948	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
1949	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1950	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
1951	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
1952	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1953	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1954	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1955	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1956	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1957	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1958	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1959	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1960	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1961	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1962	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1963	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1964	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1965	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
1966	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
1967	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a8 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
1968	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
1969	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
1970	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
1971	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
1972	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1973	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1974	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
1975	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
1976	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1977	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1978	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1979	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007275c0:C:\Program Files (x86)\TeamViewer;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1980	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
1981	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
1982	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
1983	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
1984	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefc6c0000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
1985	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
1986	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ca0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
1987	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\advapi32.dll'
1988	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1989	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1990	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba20000 'C:\Windows\system32\dwmapi.dll'
1991	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1992	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1993	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTBASE.dll'
1994	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1995	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1996	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\shell32.dll'
1997	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1998	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1999	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\kernel32.dll'
2000	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2001	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2002	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
2003	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2004	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2005	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
2006	d98.d9c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2007	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2008	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2009	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077600000 'C:\Windows\system32\user32.dll'
2010	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2011	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2012	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe50000 'C:\Windows\system32\uxtheme.dll'
2013	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077600000 'C:\Windows\system32\user32.dll'
2014	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\advapi32.dll'
2015	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2016	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2017	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\userenv.dll'
2018	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2019	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2020	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\kernel32.dll'
2021	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000620 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2022	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2023	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2024	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2025	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2026	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2027	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2028	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2029	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2030	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2031	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2032	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2033	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2034	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2035	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2036	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2037	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2038	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2039	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2040	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2041	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2042	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2043	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2044	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2045	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2046	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2047	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2048	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2049	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704870:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2050	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2051	d98.d9c: supR3HardenedDllNotificationCallback: load 000007feff430000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2052	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2053	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff430000 'C:\Windows\system32\CLBCatQ.DLL'
2054	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2055	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704ea0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2056	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\ADVAPI32.dll'
2057	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2058	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704b40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2059	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTSP.dll'
2060	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2061	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2062	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2063	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2064	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2065	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2066	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2067	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2068	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2069	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2070	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2071	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000704b40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2072	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2073	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd520000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2074	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2075	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd520000 'C:\Windows\system32\RpcRtRemote.dll'
2076	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2077	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2078	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
2079	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2080	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2081	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
2082	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2083	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2084	d98.e30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2085	d98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2086	d98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2087	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2088	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2089	d98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2090	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2091	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2092	d98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2093	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2094	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2095	d98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2096	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2097	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2098	d98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2099	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2100	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2101	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2102	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2103	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2104	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2105	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000680 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
2106	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2107	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2108	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
2109	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
2110	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2111	d98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
2112	d98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2113	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2114	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2115	d98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2116	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2117	d98.e30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2118	d98.e30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2119	d98.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000727900:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2120	d98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2121	d98.e30: supR3HardenedDllNotificationCallback: load 000007fef1460000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2122	d98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2123	d98.e30: supR3HardenedDllNotificationCallback: load 00000000779e0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
2124	d98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
2125	d98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1460000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2126	d98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2127	d98.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000292d500:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2128	d98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff540000 'C:\Windows\system32\oleaut32.dll'
2129	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a4 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
2130	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2131	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2132	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
2133	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2134	d98.e30: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2135	d98.e30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
2136	d98.e30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2137	d98.e30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007053b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2138	d98.e30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2139	d98.e30: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2140	d98.e30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2141	d98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\SXS.DLL'
2142	d98.e30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\ADVAPI32.dll'
2143	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2144	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007058c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2145	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff540000 'C:\Windows\system32\OLEAUT32.dll'
2146	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\ADVAPI32.dll'
2147	d98.d9c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2148	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007058c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2149	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2150	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffac0000 'C:\Windows\system32\gdi32.dll'
2151	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2152	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705830:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2153	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077600000 'C:\Windows\system32\user32.dll'
2154	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2155	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705830:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2156	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\shell32.dll'
2157	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a6c pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
2158	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2159	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2160	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8FFB8CDACDC5C9C6D9256E97FB0710E2753FFAA1
2161	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3045645~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
2162	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2163	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
2164	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2165	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2166	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2167	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2168	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2169	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3d0000 'C:\Windows\system32\apphelp.dll'
2170	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
2171	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2172	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
2173	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtcorevbox4.dll'.
2174	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtguivbox4.dll'.
2175	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtopenglvbox4.dll'.
2176	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
2177	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
2178	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
2179	d98.d9c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
2180	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2181	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2182	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2183	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2184	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
2185	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
2186	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2187	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
2188	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
2189	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2190	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
2191	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
2192	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2193	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2194	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2195	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2196	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2197	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2198	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2199	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2200	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2201	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2202	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2203	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2204	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2205	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2206	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2207	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2208	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2209	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2210	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2211	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2212	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2213	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2214	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2215	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705830:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2216	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\ole32.dll'
2217	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2218	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007054d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2219	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\shell32.dll'
2220	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2221	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007054d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2222	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\shell32.dll'
2223	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\ole32.dll'
2224	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2225	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007054d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2226	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff540000 'C:\Windows\system32\OLEAUT32.dll'
2227	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2228	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2229	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2230	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2231	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2232	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2233	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2234	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2235	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2236	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2237	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2238	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2239	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2240	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2241	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2242	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2243	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2244	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2245	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2246	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2247	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2248	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2249	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2250	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2251	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2252	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2253	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2254	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2255	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2256	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2257	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2258	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2259	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2260	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2261	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2262	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2263	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2264	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2265	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2266	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2267	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2268	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2269	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2270	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2271	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2272	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2273	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2274	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2275	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2276	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2277	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2278	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032e4a30:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2279	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2280	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef9670000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2281	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2282	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2283	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef9920000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2284	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2285	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9670000 'C:\Windows\system32\wbem\wbemprox.dll'
2286	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b18 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2287	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2288	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2289	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2290	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2291	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2292	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2293	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2294	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2295	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2296	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2297	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2298	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2299	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2300	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032e4a30:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2301	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2302	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef9190000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2303	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2304	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9190000 'C:\Windows\system32\wbem\wbemsvc.dll'
2305	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b3c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2306	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2307	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2308	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2309	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2310	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2311	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2312	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2313	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2314	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2315	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2316	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2317	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2318	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2319	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2320	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2321	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2322	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2323	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2324	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2325	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2326	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2327	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2328	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2329	d98.d9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2330	d98.d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2331	d98.d9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2332	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2333	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2334	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2335	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2336	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2337	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2338	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2339	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2340	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2341	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2342	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2343	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2344	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2345	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2346	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2347	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2348	d98.d9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2349	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2350	d98.d9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2351	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032e4f70:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2352	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2353	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef9750000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2354	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2355	d98.d9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2356	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef9720000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2357	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2358	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9750000 'C:\Windows\system32\wbem\fastprox.dll'
2359	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff540000 'C:\Windows\system32\OLEAUT32.dll'
2360	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2361	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705560:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2362	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'C:\Windows\system32\WINMM.dll'
2363	d98.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2364	d98.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2365	d98.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2366	d98.e8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2367	d98.e8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2368	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2369	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2370	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2371	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2372	d98.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2373	d98.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2374	d98.e8c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2375	d98.e8c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2376	d98.e8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2377	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2378	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2379	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2380	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2381	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2382	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2383	d98.e8c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2384	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2385	d98.e8c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2386	d98.e8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2387	d98.e8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2388	d98.e8c: supR3HardenedDllNotificationCallback: load 000007feeeee0000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2389	d98.e8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2390	d98.e8c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2391	d98.e8c: supR3HardenedDllNotificationCallback: load 0000000074130000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2392	d98.e8c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2393	d98.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeeee0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2394	d98.ea8: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2395	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2396	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2397	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
2398	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
2399	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2400	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2401	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2402	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2403	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
2404	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
2405	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2406	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2407	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
2408	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
2409	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2410	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2411	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
2412	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
2413	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2414	d98.ecc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
2415	d98.ecc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
2416	d98.ecc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
2417	d98.ecc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
2418	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2419	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2420	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2421	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2422	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2423	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2424	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2425	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2426	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2427	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2428	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2429	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2430	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2431	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2432	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2433	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2434	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2435	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
2436	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2437	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
2438	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
2439	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
2440	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) WinVerifyTrust
2441	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2442	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2443	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2444	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2445	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2446	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2447	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2448	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2449	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2450	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) WinVerifyTrust
2451	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2452	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2453	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2454	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2455	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2456	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2457	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) WinVerifyTrust
2458	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2459	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2460	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2461	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2462	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2463	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2464	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2465	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2466	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2467	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2468	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2469	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2470	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2471	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2472	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2473	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2474	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2475	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2476	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) WinVerifyTrust
2477	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
2478	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2479	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2480	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2481	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2482	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2483	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2484	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
2485	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
2486	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2487	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2488	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2489	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2490	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2491	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2492	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2493	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2494	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2495	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) WinVerifyTrust
2496	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
2497	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
2498	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
2499	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2500	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys) WinVerifyTrust
2501	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
2502	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2503	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2504	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2505	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2506	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) WinVerifyTrust
2507	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2508	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2509	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2510	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2511	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2512	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2513	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2514	d98.ecc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2515	d98.ecc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) WinVerifyTrust
2516	d98.ecc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2517	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2518	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2519	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2520	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2521	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2522	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2523	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2524	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2525	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2526	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2527	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2528	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2529	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2530	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2531	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2532	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2533	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2534	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2535	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2536	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2537	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2538	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2539	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2540	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2541	d98.ecc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2542	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2543	d98.ecc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2544	d98.ecc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2545	d98.ecc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2546	d98.ecc: supR3HardenedDllNotificationCallback: load 000007fef86e0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2547	d98.ecc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2548	d98.ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef86e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2549	d98.ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2550	d98.ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2551	d98.ed4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2552	d98.ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2553	d98.ed4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2554	d98.ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2555	d98.ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2556	d98.ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2557	d98.ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2558	d98.ed4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2559	d98.ed4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2560	d98.ed4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2561	d98.ed4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2562	d98.ed4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2563	d98.ed4: supR3HardenedDllNotificationCallback: load 000007fef86d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2564	d98.ed4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2565	d98.ed4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef86d0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2566	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
2567	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2568	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2569	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2570	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2571	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2572	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2573	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2574	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2575	d98.efc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2576	d98.efc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2577	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2578	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2579	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2580	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2581	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2582	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2583	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2584	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2585	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2586	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2587	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2588	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2589	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2590	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2591	d98.efc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
2592	d98.efc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2593	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2594	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2595	d98.efc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2596	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2597	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2598	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2599	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2600	d98.efc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2601	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2602	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2603	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2604	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2605	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2606	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2607	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2608	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2609	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2610	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2611	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2612	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2613	d98.efc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2614	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2615	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2616	d98.efc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2617	d98.efc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2618	d98.efc: supR3HardenedDllNotificationCallback: load 000007feeedb0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2619	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2620	d98.efc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2621	d98.efc: supR3HardenedDllNotificationCallback: load 000007feeed70000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2622	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2623	d98.efc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2624	d98.efc: supR3HardenedDllNotificationCallback: load 000007fef8630000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2625	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2626	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeedb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
2627	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2628	d98.efc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2629	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8630000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
2630	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2631	d98.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2632	d98.efc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2633	d98.efc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2634	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2635	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2636	d98.efc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2637	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2638	d98.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2639	d98.efc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2640	d98.efc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2641	d98.efc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2642	d98.efc: supR3HardenedDllNotificationCallback: load 000007fef13b0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2643	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2644	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef13b0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
2645	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2646	d98.efc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2647	d98.efc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2648	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32/opengl32.dll'
2649	d98.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2650	d98.efc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000705440:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2651	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2652	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffac0000 'C:\Windows\system32\gdi32.dll'
2653	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffac0000 'C:\Windows\system32\gdi32.dll'
2654	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2655	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2656	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2657	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2658	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2659	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2660	d98.f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2661	d98.f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2662	d98.f04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2663	d98.f04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2664	d98.f04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2665	d98.f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2666	d98.f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2667	d98.f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2668	d98.f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2669	d98.f04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2670	d98.f04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2671	d98.f04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2672	d98.f04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2673	d98.f04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2674	d98.f04: supR3HardenedDllNotificationCallback: load 000007fef86c0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2675	d98.f04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2676	d98.f04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef86c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2677	d98.f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2678	d98.f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2679	d98.f0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2680	d98.f0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2681	d98.f0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2682	d98.f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2683	d98.f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2684	d98.f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2685	d98.f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2686	d98.f0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2687	d98.f0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2688	d98.f0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2689	d98.f0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2690	d98.f0c: supR3HardenedDllNotificationCallback: load 000007feeed60000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2691	d98.f0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2692	d98.f0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeed60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2693	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32/Shell32.dll'
2694	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\ole32.dll'
2695	d98.ea8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2696	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff230000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2697	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2698	d98.ea8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2699	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5e0000 'C:\Windows\system32\profapi.dll'
2700	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2701	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2702	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2703	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2704	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2705	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2706	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2707	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2708	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2709	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2710	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2711	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2712	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2713	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2714	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e44 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2715	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2716	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2717	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2718	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2719	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2720	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2721	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2722	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2723	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2724	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2725	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2726	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2727	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2728	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2729	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2730	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2731	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2732	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2733	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2734	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2735	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2736	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2737	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2738	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2739	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2740	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2741	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2742	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2743	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2744	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2745	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2746	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2747	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2748	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2749	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2750	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2751	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2752	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2753	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2754	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2755	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2756	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2757	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2758	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2759	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2760	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2761	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2762	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2763	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2764	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e54 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2765	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2766	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2767	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2768	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2769	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2770	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2771	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2772	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2773	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2774	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2775	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2776	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2777	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
2778	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2779	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2780	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2781	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2782	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2783	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2784	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2785	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2786	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2787	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2788	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2789	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2790	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2791	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2792	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2793	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2794	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2795	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2796	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2797	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2798	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2799	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2800	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2801	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2802	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2803	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2804	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2805	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2806	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2807	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2808	d98.ea8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2809	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2810	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2811	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2812	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2813	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2814	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2815	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2816	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2817	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2818	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2819	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2820	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2821	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2822	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2823	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2824	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2825	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2826	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2827	d98.ea8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2828	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2829	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2830	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2831	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2832	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2833	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2834	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2835	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2836	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2837	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2838	d98.ea8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2839	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2840	d98.ea8: supR3HardenedDllNotificationCallback: load 000007feee470000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2841	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2842	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2843	d98.ea8: supR3HardenedDllNotificationCallback: load 000007fef3a10000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2844	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2845	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2846	d98.ea8: supR3HardenedDllNotificationCallback: load 000007fef6e40000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
2847	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2848	d98.ea8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2849	d98.ea8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2850	d98.ea8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2851	d98.ea8: supR3HardenedDllNotificationCallback: load 000007fefc8b0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2852	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2853	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2854	d98.ea8: supR3HardenedDllNotificationCallback: load 000007feee430000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2855	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2856	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2857	d98.ea8: supR3HardenedDllNotificationCallback: load 000007fefb220000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2858	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2859	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2860	d98.ea8: supR3HardenedDllNotificationCallback: load 000007fefb210000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2861	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2862	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee470000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2863	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2864	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2865	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2866	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2867	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2868	d98.ea8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2869	d98.ea8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2870	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2871	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2872	d98.ea8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2873	d98.ea8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2874	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2875	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1460000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2876	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2877	d98.ea8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2878	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2879	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee430000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2880	d98.f30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2881	d98.f30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2882	d98.f30: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2883	d98.f30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2884	d98.f30: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2885	d98.f30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2886	d98.f30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2887	d98.f30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2888	d98.f30: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2889	d98.f30: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2890	d98.f30: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2891	d98.f30: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2892	d98.f30: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2893	d98.f30: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2894	d98.f30: supR3HardenedDllNotificationCallback: load 000007feee420000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2895	d98.f30: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2896	d98.f30: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee420000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2897	d98.ea8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2898	d98.ea8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032db7d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2899	d98.ea8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2900	d98.ea8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32/kernel32.dll'
2901	d98.e8c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff540000 'C:\Windows\system32\OLEAUT32.dll'
2902	d98.d9c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2903	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2904	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2905	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006de810
2906	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006de810
2907	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2908	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2909	d98.d9c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2910	d98.d9c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2911	d98.d9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007057a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2912	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8140000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2913	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\shell32.dll'
2914	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\shell32.dll'
2915	d98.f00: supR3HardenedDllNotificationCallback: Unload 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2916	d98.ed0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2917	d98.ed0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004c470c0:C:\Program Files (x86)\TeamViewer;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2918	d98.ed0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2919	d98.ed0: supR3HardenedDllNotificationCallback: load 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2920	d98.ed0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2921	d98.ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ca0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2922	d98.ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\advapi32.dll'
2923	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2924	d98.ed0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2925	d98.ed0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003339c90:C:\Program Files (x86)\TeamViewer;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2926	d98.ed0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2927	d98.ed0: supR3HardenedDllNotificationCallback: load 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2928	d98.ed0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2929	d98.ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ca0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2930	d98.ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\advapi32.dll'
2931	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2932	d98.d9c: supR3HardenedDllNotificationCallback: load 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2933	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ca0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2934	d98.d9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\advapi32.dll'
2935	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2936	d98.ed0: supR3HardenedDllNotificationCallback: load 000007fef6ca0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2937	d98.ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ca0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2938	d98.ed0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\advapi32.dll'
2939	d98.f30: supR3HardenedDllNotificationCallback: Unload 000007feee420000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
2940	d98.f0c: supR3HardenedDllNotificationCallback: Unload 000007feeed60000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2941	d98.f04: supR3HardenedDllNotificationCallback: Unload 000007fef86c0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2942	d98.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3f90000 'C:\Windows\system32\OPENGL32.dll'
2943	d98.efc: supR3HardenedDllNotificationCallback: Unload 000007fef13b0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [flags=0x0]
2944	d98.efc: supR3HardenedDllNotificationCallback: Unload 000007feeedb0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [flags=0x0]
2945	d98.efc: supR3HardenedDllNotificationCallback: Unload 000007fef8630000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [flags=0x0]
2946	d98.efc: supR3HardenedDllNotificationCallback: Unload 000007feeed70000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [flags=0x0]
2947	d98.ed4: supR3HardenedDllNotificationCallback: Unload 000007fef86d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2948	d98.ecc: supR3HardenedDllNotificationCallback: Unload 000007fef86e0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2949	d98.ea8: supR3HardenedDllNotificationCallback: Unload 000007feee470000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2950	d98.ea8: supR3HardenedDllNotificationCallback: Unload 000007fefb220000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
2951	d98.ea8: supR3HardenedDllNotificationCallback: Unload 000007fefb210000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
2952	d98.ea8: supR3HardenedDllNotificationCallback: Unload 000007feee430000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
2953	d98.ea8: supR3HardenedDllNotificationCallback: Unload 000007fef3a10000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2954	d98.ea8: supR3HardenedDllNotificationCallback: Unload 000007fef6e40000 LB 0x00051000 C:\Windows\system32\newdev.dll [flags=0x0]
2955	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef9750000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2956	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef9720000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2957	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef9190000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2958	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef9670000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2959	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef9920000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2960	d98.d9c: supR3HardenedDllNotificationCallback: Unload 000007fef1460000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2961	d98.d9c: supR3HardenedDllNotificationCallback: Unload 00000000779e0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [flags=0x0]
2962	d98.d9c: Terminating the normal way: rcExit=0
2963	d90.d94: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 370297325 ms, the end);
2964	d88.d8c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 370297918 ms, the end);

Download in other formats:

Original Format