Ticket #14774: VBoxHardening.log

File VBoxHardening.log, 334.0 KB (added by GoodGodd, 9 years ago)

Line
1	7e8.b30: Log file opened: 5.0.9r103713 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	7e8.b30: \SystemRoot\System32\ntdll.dll:
3	7e8.b30: CreationTime: 2015-06-30T18:24:53.606504900Z
4	7e8.b30: LastWriteTime: 2015-05-25T18:21:21.289963400Z
5	7e8.b30: ChangeTime: 2015-06-30T22:16:12.090281900Z
6	7e8.b30: FileAttributes: 0x20
7	7e8.b30: Size: 0x1a61c0
8	7e8.b30: NT Headers: 0xe0
9	7e8.b30: Timestamp: 0x556366f2
10	7e8.b30: Machine: 0x8664 - amd64
11	7e8.b30: Timestamp: 0x556366f2
12	7e8.b30: Image Version: 6.1
13	7e8.b30: SizeOfImage: 0x1a9000 (1740800)
14	7e8.b30: Resource Dir: 0x14d000 LB 0x5a028
15	7e8.b30: ProductName: Microsoft® Windows® Operating System
16	7e8.b30: ProductVersion: 6.1.7601.18869
17	7e8.b30: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
18	7e8.b30: FileDescription: NT Layer DLL
19	7e8.b30: \SystemRoot\System32\kernel32.dll:
20	7e8.b30: CreationTime: 2015-06-30T18:24:53.107304100Z
21	7e8.b30: LastWriteTime: 2015-05-25T18:19:02.585000000Z
22	7e8.b30: ChangeTime: 2015-06-30T22:16:12.324282300Z
23	7e8.b30: FileAttributes: 0x20
24	7e8.b30: Size: 0x11be00
25	7e8.b30: NT Headers: 0xe8
26	7e8.b30: Timestamp: 0x556366fc
27	7e8.b30: Machine: 0x8664 - amd64
28	7e8.b30: Timestamp: 0x556366fc
29	7e8.b30: Image Version: 6.1
30	7e8.b30: SizeOfImage: 0x11f000 (1175552)
31	7e8.b30: Resource Dir: 0x116000 LB 0x528
32	7e8.b30: ProductName: Microsoft® Windows® Operating System
33	7e8.b30: ProductVersion: 6.1.7601.18869
34	7e8.b30: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
35	7e8.b30: FileDescription: Windows NT BASE API Client DLL
36	7e8.b30: \SystemRoot\System32\KernelBase.dll:
37	7e8.b30: CreationTime: 2015-06-30T18:24:53.060504000Z
38	7e8.b30: LastWriteTime: 2015-05-25T18:19:02.585000000Z
39	7e8.b30: ChangeTime: 2015-06-30T22:16:12.324282300Z
40	7e8.b30: FileAttributes: 0x20
41	7e8.b30: Size: 0x67c00
42	7e8.b30: NT Headers: 0xe8
43	7e8.b30: Timestamp: 0x556366fd
44	7e8.b30: Machine: 0x8664 - amd64
45	7e8.b30: Timestamp: 0x556366fd
46	7e8.b30: Image Version: 6.1
47	7e8.b30: SizeOfImage: 0x6c000 (442368)
48	7e8.b30: Resource Dir: 0x6a000 LB 0x530
49	7e8.b30: ProductName: Microsoft® Windows® Operating System
50	7e8.b30: ProductVersion: 6.1.7601.18869
51	7e8.b30: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
52	7e8.b30: FileDescription: Windows NT BASE API Client DLL
53	7e8.b30: \SystemRoot\System32\apisetschema.dll:
54	7e8.b30: CreationTime: 2015-06-30T18:24:52.124502300Z
55	7e8.b30: LastWriteTime: 2015-05-25T18:11:40.254000000Z
56	7e8.b30: ChangeTime: 2015-06-30T22:16:12.074681900Z
57	7e8.b30: FileAttributes: 0x20
58	7e8.b30: Size: 0x1a00
59	7e8.b30: NT Headers: 0xc0
60	7e8.b30: Timestamp: 0x55636622
61	7e8.b30: Machine: 0x8664 - amd64
62	7e8.b30: Timestamp: 0x55636622
63	7e8.b30: Image Version: 6.1
64	7e8.b30: SizeOfImage: 0x50000 (327680)
65	7e8.b30: Resource Dir: 0x30000 LB 0x3f8
66	7e8.b30: ProductName: Microsoft® Windows® Operating System
67	7e8.b30: ProductVersion: 6.1.7601.18869
68	7e8.b30: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
69	7e8.b30: FileDescription: ApiSet Schema DLL
70	7e8.b30: supR3HardenedWinFindAdversaries: 0x80
71	7e8.b30: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
72	7e8.b30: CreationTime: 2015-07-18T23:42:46.446818300Z
73	7e8.b30: LastWriteTime: 2015-07-27T17:41:10.541992700Z
74	7e8.b30: ChangeTime: 2015-07-27T17:41:10.541992700Z
75	7e8.b30: FileAttributes: 0x20
76	7e8.b30: Size: 0x1bcd8
77	7e8.b30: NT Headers: 0xe8
78	7e8.b30: Timestamp: 0x552c190f
79	7e8.b30: Machine: 0x8664 - amd64
80	7e8.b30: Timestamp: 0x552c190f
81	7e8.b30: Image Version: 6.1
82	7e8.b30: SizeOfImage: 0x21000 (135168)
83	7e8.b30: Resource Dir: 0x1f000 LB 0x3f0
84	7e8.b30: ProductName: Malwarebytes Anti-Malware
85	7e8.b30: ProductVersion: 0.2.22.0
86	7e8.b30: FileVersion: 0.2.22.0
87	7e8.b30: FileDescription: Malwarebytes Anti-Malware
88	7e8.b30: \SystemRoot\System32\drivers\mwac.sys:
89	7e8.b30: CreationTime: 2015-07-18T23:42:36.308030900Z
90	7e8.b30: LastWriteTime: 2015-06-18T08:48:04.000000000Z
91	7e8.b30: ChangeTime: 2015-07-18T23:43:21.166227100Z
92	7e8.b30: FileAttributes: 0x20
93	7e8.b30: Size: 0xf8d8
94	7e8.b30: NT Headers: 0xf8
95	7e8.b30: Timestamp: 0x53a0f42a
96	7e8.b30: Machine: 0x8664 - amd64
97	7e8.b30: Timestamp: 0x53a0f42a
98	7e8.b30: Image Version: 6.2
99	7e8.b30: SizeOfImage: 0x12000 (73728)
100	7e8.b30: Resource Dir: 0x10000 LB 0x3e0
101	7e8.b30: ProductName: Malwarebytes Web Access Control
102	7e8.b30: ProductVersion: 1.0.6.0
103	7e8.b30: FileVersion: 1.0.6.0
104	7e8.b30: FileDescription: Malwarebytes Web Access Control
105	7e8.b30: \SystemRoot\System32\drivers\mbamchameleon.sys:
106	7e8.b30: CreationTime: 2015-07-18T23:42:36.315031800Z
107	7e8.b30: LastWriteTime: 2015-06-18T08:47:54.000000000Z
108	7e8.b30: ChangeTime: 2015-07-18T23:43:21.178228700Z
109	7e8.b30: FileAttributes: 0x20
110	7e8.b30: Size: 0x1aad8
111	7e8.b30: NT Headers: 0xd8
112	7e8.b30: Timestamp: 0x554cf757
113	7e8.b30: Machine: 0x8664 - amd64
114	7e8.b30: Timestamp: 0x554cf757
115	7e8.b30: Image Version: 6.1
116	7e8.b30: SizeOfImage: 0x1e000 (122880)
117	7e8.b30: Resource Dir: 0x1c000 LB 0xbd8
118	7e8.b30: ProductName: Malwarebytes Chameleon
119	7e8.b30: ProductVersion: 1.1.20.0
120	7e8.b30: FileVersion: 1.1.20.0
121	7e8.b30: FileDescription: Malwarebytes Chameleon Protection Driver
122	7e8.b30: \SystemRoot\System32\drivers\mbam.sys:
123	7e8.b30: CreationTime: 2015-07-18T23:42:36.304030400Z
124	7e8.b30: LastWriteTime: 2015-06-18T08:47:50.000000000Z
125	7e8.b30: ChangeTime: 2015-07-18T23:43:21.159226300Z
126	7e8.b30: FileAttributes: 0x20
127	7e8.b30: Size: 0x64d8
128	7e8.b30: NT Headers: 0xd8
129	7e8.b30: Timestamp: 0x540754e1
130	7e8.b30: Machine: 0x8664 - amd64
131	7e8.b30: Timestamp: 0x540754e1
132	7e8.b30: Image Version: 6.1
133	7e8.b30: SizeOfImage: 0xa000 (40960)
134	7e8.b30: Resource Dir: 0x8000 LB 0x3d0
135	7e8.b30: ProductName: Malwarebytes Anti-Malware
136	7e8.b30: ProductVersion: 0.1.15.0
137	7e8.b30: FileVersion: 0.1.15.0
138	7e8.b30: FileDescription: Malwarebytes Anti-Malware
139	7e8.b30: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
140	7e8.b30: Calling main()
141	7e8.b30: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
142	7e8.b30: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
143	7e8.b30: SUPR3HardenedMain: Respawn #1
144	7e8.b30: System32: \Device\HarddiskVolume2\Windows\System32
145	7e8.b30: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
146	7e8.b30: KnownDllPath: C:\Windows\system32
147	7e8.b30: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
148	7e8.b30: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
149	7e8.b30: supR3HardNtEnableThreadCreation:
150	7e8.b30: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007732b780 pvNtTerminateThread=000000007734e0e0
151	7e8.b30: supR3HardenedWinDoReSpawn(1): New child ec8.e6c [kernel32].
152	7e8.b30: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
153	7e8.b30: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077300000 uNtDllChildAddr=0000000077300000
154	7e8.b30: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007732b780
155	7e8.b30: supR3HardenedWinSetupChildInit: Start child.
156	7e8.b30: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
157	7e8.b30: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
158	7e8.b30: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
159	7e8.b30: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
160	7e8.b30: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
161	7e8.b30: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
162	7e8.b30: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
163	7e8.b30: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
164	7e8.b30: 0000000000041000-0000000000011fff 0x0001/0x0000 0x0000000
165	7e8.b30: *0000000000070000-fffffffffff73fff 0x0000/0x0004 0x0020000
166	7e8.b30: 000000000016c000-0000000000168fff 0x0104/0x0004 0x0020000
167	7e8.b30: 000000000016f000-000000000016dfff 0x0004/0x0004 0x0020000
168	7e8.b30: 0000000000170000-ffffffff88fdffff 0x0001/0x0000 0x0000000
169	7e8.b30: *0000000077300000-0000000077300fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
170	7e8.b30: 0000000077301000-00000000773fefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
171	7e8.b30: 00000000773ff000-000000007742dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
172	7e8.b30: 000000007742e000-0000000077435fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
173	7e8.b30: 0000000077436000-0000000077436fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
174	7e8.b30: 0000000077437000-0000000077439fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
175	7e8.b30: 000000007743a000-00000000774a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
176	7e8.b30: 00000000774a9000-000000006f971fff 0x0001/0x0000 0x0000000
177	7e8.b30: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
178	7e8.b30: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
179	7e8.b30: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
180	7e8.b30: 000000007fff0000-ffffffffc060ffff 0x0001/0x0000 0x0000000
181	7e8.b30: *000000013f9d0000-000000013f9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
182	7e8.b30: 000000013f9d1000-000000013fa57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
183	7e8.b30: 000000013fa58000-000000013fa58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
184	7e8.b30: 000000013fa59000-000000013faa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
185	7e8.b30: 000000013faa4000-000000013faa4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
186	7e8.b30: 000000013faa5000-000000013faa5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
187	7e8.b30: 000000013faa6000-000000013faaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
188	7e8.b30: 000000013faab000-000000013faabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
189	7e8.b30: 000000013faac000-000000013faacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
190	7e8.b30: 000000013faad000-000000013fab0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
191	7e8.b30: 000000013fab1000-000000013fafbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
192	7e8.b30: 000000013fafc000-fffff8037ffd7fff 0x0001/0x0000 0x0000000
193	7e8.b30: *000007feff620000-000007feff620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
194	7e8.b30: 000007feff621000-000007fdfec91fff 0x0001/0x0000 0x0000000
195	7e8.b30: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
196	7e8.b30: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
197	7e8.b30: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
198	7e8.b30: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
199	7e8.b30: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
200	7e8.b30: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
201	7e8.b30: VirtualBox.exe: timestamp 0x5630b0b7 (rc=VINF_SUCCESS)
202	7e8.b30: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
203	7e8.b30: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
204	7e8.b30: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
205	7e8.b30: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
206	ec8.e6c: Log file opened: 5.0.9r103713 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
207	ec8.e6c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077300000
208	ec8.e6c: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
209	ec8.e6c: New simple heap: #1 0000000000270000 LB 0x400000 (for 1740800 allocation)
210	7e8.b30: supR3HardNtEnableThreadCreation:
211	ec8.e6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
212	ec8.e6c: System32: \Device\HarddiskVolume2\Windows\System32
213	ec8.e6c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
214	ec8.e6c: KnownDllPath: C:\Windows\system32
215	ec8.e6c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
216	ec8.e6c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
217	ec8.e6c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
218	ec8.e6c: Registered Dll notification callback with NTDLL.
219	ec8.e6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
220	ec8.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
221	ec8.e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
222	ec8.e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
223	ec8.e6c: supR3HardenedDllNotificationCallback: load 00000000771e0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
224	ec8.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
225	ec8.e6c: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
226	ec8.e6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
227	ec8.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
228	ec8.e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\Windows\system32\kernel32.dll'
229	ec8.e6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007732b780 pvNtTerminateThread=000000007734e0e0
230	7e8.b30: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
231	ec8.e6c: \SystemRoot\System32\ntdll.dll:
232	ec8.e6c: CreationTime: 2015-06-30T18:24:53.606504900Z
233	ec8.e6c: LastWriteTime: 2015-05-25T18:21:21.289963400Z
234	ec8.e6c: ChangeTime: 2015-06-30T22:16:12.090281900Z
235	ec8.e6c: FileAttributes: 0x20
236	ec8.e6c: Size: 0x1a61c0
237	ec8.e6c: NT Headers: 0xe0
238	ec8.e6c: Timestamp: 0x556366f2
239	ec8.e6c: Machine: 0x8664 - amd64
240	ec8.e6c: Timestamp: 0x556366f2
241	ec8.e6c: Image Version: 6.1
242	ec8.e6c: SizeOfImage: 0x1a9000 (1740800)
243	ec8.e6c: Resource Dir: 0x14d000 LB 0x5a028
244	ec8.e6c: ProductName: Microsoft® Windows® Operating System
245	ec8.e6c: ProductVersion: 6.1.7601.18869
246	ec8.e6c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
247	ec8.e6c: FileDescription: NT Layer DLL
248	ec8.e6c: \SystemRoot\System32\kernel32.dll:
249	ec8.e6c: CreationTime: 2015-06-30T18:24:53.107304100Z
250	ec8.e6c: LastWriteTime: 2015-05-25T18:19:02.585000000Z
251	ec8.e6c: ChangeTime: 2015-06-30T22:16:12.324282300Z
252	ec8.e6c: FileAttributes: 0x20
253	ec8.e6c: Size: 0x11be00
254	ec8.e6c: NT Headers: 0xe8
255	ec8.e6c: Timestamp: 0x556366fc
256	ec8.e6c: Machine: 0x8664 - amd64
257	ec8.e6c: Timestamp: 0x556366fc
258	ec8.e6c: Image Version: 6.1
259	ec8.e6c: SizeOfImage: 0x11f000 (1175552)
260	ec8.e6c: Resource Dir: 0x116000 LB 0x528
261	ec8.e6c: ProductName: Microsoft® Windows® Operating System
262	ec8.e6c: ProductVersion: 6.1.7601.18869
263	ec8.e6c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
264	ec8.e6c: FileDescription: Windows NT BASE API Client DLL
265	ec8.e6c: \SystemRoot\System32\KernelBase.dll:
266	ec8.e6c: CreationTime: 2015-06-30T18:24:53.060504000Z
267	ec8.e6c: LastWriteTime: 2015-05-25T18:19:02.585000000Z
268	ec8.e6c: ChangeTime: 2015-06-30T22:16:12.324282300Z
269	ec8.e6c: FileAttributes: 0x20
270	ec8.e6c: Size: 0x67c00
271	ec8.e6c: NT Headers: 0xe8
272	ec8.e6c: Timestamp: 0x556366fd
273	ec8.e6c: Machine: 0x8664 - amd64
274	ec8.e6c: Timestamp: 0x556366fd
275	ec8.e6c: Image Version: 6.1
276	ec8.e6c: SizeOfImage: 0x6c000 (442368)
277	ec8.e6c: Resource Dir: 0x6a000 LB 0x530
278	ec8.e6c: ProductName: Microsoft® Windows® Operating System
279	ec8.e6c: ProductVersion: 6.1.7601.18869
280	ec8.e6c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
281	ec8.e6c: FileDescription: Windows NT BASE API Client DLL
282	ec8.e6c: \SystemRoot\System32\apisetschema.dll:
283	ec8.e6c: CreationTime: 2015-06-30T18:24:52.124502300Z
284	ec8.e6c: LastWriteTime: 2015-05-25T18:11:40.254000000Z
285	ec8.e6c: ChangeTime: 2015-06-30T22:16:12.074681900Z
286	ec8.e6c: FileAttributes: 0x20
287	ec8.e6c: Size: 0x1a00
288	ec8.e6c: NT Headers: 0xc0
289	ec8.e6c: Timestamp: 0x55636622
290	ec8.e6c: Machine: 0x8664 - amd64
291	ec8.e6c: Timestamp: 0x55636622
292	ec8.e6c: Image Version: 6.1
293	ec8.e6c: SizeOfImage: 0x50000 (327680)
294	ec8.e6c: Resource Dir: 0x30000 LB 0x3f8
295	ec8.e6c: ProductName: Microsoft® Windows® Operating System
296	ec8.e6c: ProductVersion: 6.1.7601.18869
297	ec8.e6c: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
298	ec8.e6c: FileDescription: ApiSet Schema DLL
299	ec8.e6c: supR3HardenedWinFindAdversaries: 0x80
300	ec8.e6c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
301	ec8.e6c: CreationTime: 2015-07-18T23:42:46.446818300Z
302	ec8.e6c: LastWriteTime: 2015-07-27T17:41:10.541992700Z
303	ec8.e6c: ChangeTime: 2015-07-27T17:41:10.541992700Z
304	ec8.e6c: FileAttributes: 0x20
305	ec8.e6c: Size: 0x1bcd8
306	ec8.e6c: NT Headers: 0xe8
307	ec8.e6c: Timestamp: 0x552c190f
308	ec8.e6c: Machine: 0x8664 - amd64
309	ec8.e6c: Timestamp: 0x552c190f
310	ec8.e6c: Image Version: 6.1
311	ec8.e6c: SizeOfImage: 0x21000 (135168)
312	ec8.e6c: Resource Dir: 0x1f000 LB 0x3f0
313	ec8.e6c: ProductName: Malwarebytes Anti-Malware
314	ec8.e6c: ProductVersion: 0.2.22.0
315	ec8.e6c: FileVersion: 0.2.22.0
316	ec8.e6c: FileDescription: Malwarebytes Anti-Malware
317	ec8.e6c: \SystemRoot\System32\drivers\mwac.sys:
318	ec8.e6c: CreationTime: 2015-07-18T23:42:36.308030900Z
319	ec8.e6c: LastWriteTime: 2015-06-18T08:48:04.000000000Z
320	ec8.e6c: ChangeTime: 2015-07-18T23:43:21.166227100Z
321	ec8.e6c: FileAttributes: 0x20
322	ec8.e6c: Size: 0xf8d8
323	ec8.e6c: NT Headers: 0xf8
324	ec8.e6c: Timestamp: 0x53a0f42a
325	ec8.e6c: Machine: 0x8664 - amd64
326	ec8.e6c: Timestamp: 0x53a0f42a
327	ec8.e6c: Image Version: 6.2
328	ec8.e6c: SizeOfImage: 0x12000 (73728)
329	ec8.e6c: Resource Dir: 0x10000 LB 0x3e0
330	ec8.e6c: ProductName: Malwarebytes Web Access Control
331	ec8.e6c: ProductVersion: 1.0.6.0
332	ec8.e6c: FileVersion: 1.0.6.0
333	ec8.e6c: FileDescription: Malwarebytes Web Access Control
334	ec8.e6c: \SystemRoot\System32\drivers\mbamchameleon.sys:
335	ec8.e6c: CreationTime: 2015-07-18T23:42:36.315031800Z
336	ec8.e6c: LastWriteTime: 2015-06-18T08:47:54.000000000Z
337	ec8.e6c: ChangeTime: 2015-07-18T23:43:21.178228700Z
338	ec8.e6c: FileAttributes: 0x20
339	ec8.e6c: Size: 0x1aad8
340	ec8.e6c: NT Headers: 0xd8
341	ec8.e6c: Timestamp: 0x554cf757
342	ec8.e6c: Machine: 0x8664 - amd64
343	ec8.e6c: Timestamp: 0x554cf757
344	ec8.e6c: Image Version: 6.1
345	ec8.e6c: SizeOfImage: 0x1e000 (122880)
346	ec8.e6c: Resource Dir: 0x1c000 LB 0xbd8
347	ec8.e6c: ProductName: Malwarebytes Chameleon
348	ec8.e6c: ProductVersion: 1.1.20.0
349	ec8.e6c: FileVersion: 1.1.20.0
350	ec8.e6c: FileDescription: Malwarebytes Chameleon Protection Driver
351	ec8.e6c: \SystemRoot\System32\drivers\mbam.sys:
352	ec8.e6c: CreationTime: 2015-07-18T23:42:36.304030400Z
353	ec8.e6c: LastWriteTime: 2015-06-18T08:47:50.000000000Z
354	ec8.e6c: ChangeTime: 2015-07-18T23:43:21.159226300Z
355	ec8.e6c: FileAttributes: 0x20
356	ec8.e6c: Size: 0x64d8
357	ec8.e6c: NT Headers: 0xd8
358	ec8.e6c: Timestamp: 0x540754e1
359	ec8.e6c: Machine: 0x8664 - amd64
360	ec8.e6c: Timestamp: 0x540754e1
361	ec8.e6c: Image Version: 6.1
362	ec8.e6c: SizeOfImage: 0xa000 (40960)
363	ec8.e6c: Resource Dir: 0x8000 LB 0x3d0
364	ec8.e6c: ProductName: Malwarebytes Anti-Malware
365	ec8.e6c: ProductVersion: 0.1.15.0
366	ec8.e6c: FileVersion: 0.1.15.0
367	ec8.e6c: FileDescription: Malwarebytes Anti-Malware
368	ec8.e6c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
369	ec8.e6c: Calling main()
370	ec8.e6c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
371	ec8.e6c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
372	ec8.e6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
373	ec8.e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
374	ec8.e6c: SUPR3HardenedMain: Respawn #2
375	ec8.e6c: supR3HardNtEnableThreadCreation:
376	ec8.e6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
377	ec8.e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
378	ec8.e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
379	ec8.e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
380	ec8.e6c: supR3HardenedDllNotificationCallback: load 000007fefcef0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
381	ec8.e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
382	ec8.e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\apphelp.dll'
383	ec8.e6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007732b780 pvNtTerminateThread=000000007734e0e0
384	ec8.e6c: supR3HardenedWinDoReSpawn(2): New child e18.c94 [kernel32].
385	ec8.e6c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
386	ec8.e6c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077300000 uNtDllChildAddr=0000000077300000
387	ec8.e6c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007732b780
388	ec8.e6c: supR3HardenedWinSetupChildInit: Start child.
389	ec8.e6c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 15 ms.
390	ec8.e6c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
391	ec8.e6c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
392	ec8.e6c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
393	ec8.e6c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
394	ec8.e6c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
395	ec8.e6c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
396	ec8.e6c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
397	ec8.e6c: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
398	ec8.e6c: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
399	ec8.e6c: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
400	ec8.e6c: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
401	ec8.e6c: 0000000000150000-ffffffff88f9ffff 0x0001/0x0000 0x0000000
402	ec8.e6c: *0000000077300000-0000000077300fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
403	ec8.e6c: 0000000077301000-00000000773fefff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
404	ec8.e6c: 00000000773ff000-000000007742dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
405	ec8.e6c: 000000007742e000-0000000077435fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
406	ec8.e6c: 0000000077436000-0000000077436fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
407	ec8.e6c: 0000000077437000-0000000077439fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
408	ec8.e6c: 000000007743a000-00000000774a8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
409	ec8.e6c: 00000000774a9000-000000006f971fff 0x0001/0x0000 0x0000000
410	ec8.e6c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
411	ec8.e6c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
412	ec8.e6c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
413	ec8.e6c: 000000007fff0000-ffffffffc060ffff 0x0001/0x0000 0x0000000
414	ec8.e6c: *000000013f9d0000-000000013f9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
415	ec8.e6c: 000000013f9d1000-000000013fa57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
416	ec8.e6c: 000000013fa58000-000000013fa58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
417	ec8.e6c: 000000013fa59000-000000013faa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
418	ec8.e6c: 000000013faa4000-000000013faa4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
419	ec8.e6c: 000000013faa5000-000000013faa5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
420	ec8.e6c: 000000013faa6000-000000013faaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
421	ec8.e6c: 000000013faab000-000000013faabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
422	ec8.e6c: 000000013faac000-000000013faacfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
423	ec8.e6c: 000000013faad000-000000013fab0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
424	ec8.e6c: 000000013fab1000-000000013fafbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
425	ec8.e6c: 000000013fafc000-fffff8037ffd7fff 0x0001/0x0000 0x0000000
426	ec8.e6c: *000007feff620000-000007feff620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
427	ec8.e6c: 000007feff621000-000007fdfec91fff 0x0001/0x0000 0x0000000
428	ec8.e6c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
429	ec8.e6c: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000
430	ec8.e6c: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000
431	ec8.e6c: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000
432	ec8.e6c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
433	ec8.e6c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
434	ec8.e6c: apisetschema.dll: timestamp 0x55636622 (rc=VINF_SUCCESS)
435	ec8.e6c: VirtualBox.exe: timestamp 0x5630b0b7 (rc=VINF_SUCCESS)
436	ec8.e6c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
437	ec8.e6c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
438	ec8.e6c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
439	ec8.e6c: supR3HardNtChildPurify: Done after 531 ms and 0 fixes (loop #0).
440	e18.c94: Log file opened: 5.0.9r103713 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110
441	e18.c94: supR3HardenedVmProcessInit: uNtDllAddr=0000000077300000
442	e18.c94: ntdll.dll: timestamp 0x556366f2 (rc=VINF_SUCCESS)
443	e18.c94: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
444	ec8.e6c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
445	ec8.e6c: supR3HardNtEnableThreadCreation:
446	e18.c94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
447	e18.c94: System32: \Device\HarddiskVolume2\Windows\System32
448	e18.c94: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
449	e18.c94: KnownDllPath: C:\Windows\system32
450	e18.c94: supR3HardenedVmProcessInit: Opening vboxdrv...
451	e18.c94: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
452	e18.c94: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
453	e18.c94: Registered Dll notification callback with NTDLL.
454	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
455	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
456	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
457	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
458	e18.c94: supR3HardenedDllNotificationCallback: load 00000000771e0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
459	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
460	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
461	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
462	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
463	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\Windows\system32\kernel32.dll'
464	e18.c94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007732b780 pvNtTerminateThread=000000007734e0e0
465	ec8.e6c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 15 ms.
466	e18.c94: \SystemRoot\System32\ntdll.dll:
467	e18.c94: CreationTime: 2015-06-30T18:24:53.606504900Z
468	e18.c94: LastWriteTime: 2015-05-25T18:21:21.289963400Z
469	e18.c94: ChangeTime: 2015-06-30T22:16:12.090281900Z
470	e18.c94: FileAttributes: 0x20
471	e18.c94: Size: 0x1a61c0
472	e18.c94: NT Headers: 0xe0
473	e18.c94: Timestamp: 0x556366f2
474	e18.c94: Machine: 0x8664 - amd64
475	e18.c94: Timestamp: 0x556366f2
476	e18.c94: Image Version: 6.1
477	e18.c94: SizeOfImage: 0x1a9000 (1740800)
478	e18.c94: Resource Dir: 0x14d000 LB 0x5a028
479	e18.c94: ProductName: Microsoft® Windows® Operating System
480	e18.c94: ProductVersion: 6.1.7601.18869
481	e18.c94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
482	e18.c94: FileDescription: NT Layer DLL
483	e18.c94: \SystemRoot\System32\kernel32.dll:
484	e18.c94: CreationTime: 2015-06-30T18:24:53.107304100Z
485	e18.c94: LastWriteTime: 2015-05-25T18:19:02.585000000Z
486	e18.c94: ChangeTime: 2015-06-30T22:16:12.324282300Z
487	e18.c94: FileAttributes: 0x20
488	e18.c94: Size: 0x11be00
489	e18.c94: NT Headers: 0xe8
490	e18.c94: Timestamp: 0x556366fc
491	e18.c94: Machine: 0x8664 - amd64
492	e18.c94: Timestamp: 0x556366fc
493	e18.c94: Image Version: 6.1
494	e18.c94: SizeOfImage: 0x11f000 (1175552)
495	e18.c94: Resource Dir: 0x116000 LB 0x528
496	e18.c94: ProductName: Microsoft® Windows® Operating System
497	e18.c94: ProductVersion: 6.1.7601.18869
498	e18.c94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
499	e18.c94: FileDescription: Windows NT BASE API Client DLL
500	e18.c94: \SystemRoot\System32\KernelBase.dll:
501	e18.c94: CreationTime: 2015-06-30T18:24:53.060504000Z
502	e18.c94: LastWriteTime: 2015-05-25T18:19:02.585000000Z
503	e18.c94: ChangeTime: 2015-06-30T22:16:12.324282300Z
504	e18.c94: FileAttributes: 0x20
505	e18.c94: Size: 0x67c00
506	e18.c94: NT Headers: 0xe8
507	e18.c94: Timestamp: 0x556366fd
508	e18.c94: Machine: 0x8664 - amd64
509	e18.c94: Timestamp: 0x556366fd
510	e18.c94: Image Version: 6.1
511	e18.c94: SizeOfImage: 0x6c000 (442368)
512	e18.c94: Resource Dir: 0x6a000 LB 0x530
513	e18.c94: ProductName: Microsoft® Windows® Operating System
514	e18.c94: ProductVersion: 6.1.7601.18869
515	e18.c94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
516	e18.c94: FileDescription: Windows NT BASE API Client DLL
517	e18.c94: \SystemRoot\System32\apisetschema.dll:
518	e18.c94: CreationTime: 2015-06-30T18:24:52.124502300Z
519	e18.c94: LastWriteTime: 2015-05-25T18:11:40.254000000Z
520	e18.c94: ChangeTime: 2015-06-30T22:16:12.074681900Z
521	e18.c94: FileAttributes: 0x20
522	e18.c94: Size: 0x1a00
523	e18.c94: NT Headers: 0xc0
524	e18.c94: Timestamp: 0x55636622
525	e18.c94: Machine: 0x8664 - amd64
526	e18.c94: Timestamp: 0x55636622
527	e18.c94: Image Version: 6.1
528	e18.c94: SizeOfImage: 0x50000 (327680)
529	e18.c94: Resource Dir: 0x30000 LB 0x3f8
530	e18.c94: ProductName: Microsoft® Windows® Operating System
531	e18.c94: ProductVersion: 6.1.7601.18869
532	e18.c94: FileVersion: 6.1.7601.18869 (win7sp1_gdr.150525-0603)
533	e18.c94: FileDescription: ApiSet Schema DLL
534	e18.c94: supR3HardenedWinFindAdversaries: 0x80
535	e18.c94: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
536	e18.c94: CreationTime: 2015-07-18T23:42:46.446818300Z
537	e18.c94: LastWriteTime: 2015-07-27T17:41:10.541992700Z
538	e18.c94: ChangeTime: 2015-07-27T17:41:10.541992700Z
539	e18.c94: FileAttributes: 0x20
540	e18.c94: Size: 0x1bcd8
541	e18.c94: NT Headers: 0xe8
542	e18.c94: Timestamp: 0x552c190f
543	e18.c94: Machine: 0x8664 - amd64
544	e18.c94: Timestamp: 0x552c190f
545	e18.c94: Image Version: 6.1
546	e18.c94: SizeOfImage: 0x21000 (135168)
547	e18.c94: Resource Dir: 0x1f000 LB 0x3f0
548	e18.c94: ProductName: Malwarebytes Anti-Malware
549	e18.c94: ProductVersion: 0.2.22.0
550	e18.c94: FileVersion: 0.2.22.0
551	e18.c94: FileDescription: Malwarebytes Anti-Malware
552	e18.c94: \SystemRoot\System32\drivers\mwac.sys:
553	e18.c94: CreationTime: 2015-07-18T23:42:36.308030900Z
554	e18.c94: LastWriteTime: 2015-06-18T08:48:04.000000000Z
555	e18.c94: ChangeTime: 2015-07-18T23:43:21.166227100Z
556	e18.c94: FileAttributes: 0x20
557	e18.c94: Size: 0xf8d8
558	e18.c94: NT Headers: 0xf8
559	e18.c94: Timestamp: 0x53a0f42a
560	e18.c94: Machine: 0x8664 - amd64
561	e18.c94: Timestamp: 0x53a0f42a
562	e18.c94: Image Version: 6.2
563	e18.c94: SizeOfImage: 0x12000 (73728)
564	e18.c94: Resource Dir: 0x10000 LB 0x3e0
565	e18.c94: ProductName: Malwarebytes Web Access Control
566	e18.c94: ProductVersion: 1.0.6.0
567	e18.c94: FileVersion: 1.0.6.0
568	e18.c94: FileDescription: Malwarebytes Web Access Control
569	e18.c94: \SystemRoot\System32\drivers\mbamchameleon.sys:
570	e18.c94: CreationTime: 2015-07-18T23:42:36.315031800Z
571	e18.c94: LastWriteTime: 2015-06-18T08:47:54.000000000Z
572	e18.c94: ChangeTime: 2015-07-18T23:43:21.178228700Z
573	e18.c94: FileAttributes: 0x20
574	e18.c94: Size: 0x1aad8
575	e18.c94: NT Headers: 0xd8
576	e18.c94: Timestamp: 0x554cf757
577	e18.c94: Machine: 0x8664 - amd64
578	e18.c94: Timestamp: 0x554cf757
579	e18.c94: Image Version: 6.1
580	e18.c94: SizeOfImage: 0x1e000 (122880)
581	e18.c94: Resource Dir: 0x1c000 LB 0xbd8
582	e18.c94: ProductName: Malwarebytes Chameleon
583	e18.c94: ProductVersion: 1.1.20.0
584	e18.c94: FileVersion: 1.1.20.0
585	e18.c94: FileDescription: Malwarebytes Chameleon Protection Driver
586	e18.c94: \SystemRoot\System32\drivers\mbam.sys:
587	e18.c94: CreationTime: 2015-07-18T23:42:36.304030400Z
588	e18.c94: LastWriteTime: 2015-06-18T08:47:50.000000000Z
589	e18.c94: ChangeTime: 2015-07-18T23:43:21.159226300Z
590	e18.c94: FileAttributes: 0x20
591	e18.c94: Size: 0x64d8
592	e18.c94: NT Headers: 0xd8
593	e18.c94: Timestamp: 0x540754e1
594	e18.c94: Machine: 0x8664 - amd64
595	e18.c94: Timestamp: 0x540754e1
596	e18.c94: Image Version: 6.1
597	e18.c94: SizeOfImage: 0xa000 (40960)
598	e18.c94: Resource Dir: 0x8000 LB 0x3d0
599	e18.c94: ProductName: Malwarebytes Anti-Malware
600	e18.c94: ProductVersion: 0.1.15.0
601	e18.c94: FileVersion: 0.1.15.0
602	e18.c94: FileDescription: Malwarebytes Anti-Malware
603	e18.c94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
604	e18.c94: Calling main()
605	e18.c94: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
606	e18.c94: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
607	e18.c94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
608	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
609	e18.c94: SUPR3HardenedMain: Final process, opening VBoxDrv...
610	e18.c94: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
611	e18.c94: supR3HardNtEnableThreadCreation:
612	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
613	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
614	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000783fc0:C:\Windows\system32 [calling]
615	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
616	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef9330000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
617	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
618	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
619	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
620	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9330000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
621	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
622	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
623	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9330000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
624	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9330000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
625	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
626	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
627	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
628	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
629	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
630	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
631	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
632	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
633	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
634	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
635	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
636	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
637	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
638	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
639	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
640	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
641	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
642	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
643	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
644	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
645	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
646	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
647	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
648	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
649	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
650	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
651	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
652	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
653	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
654	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
655	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000783fc0:C:\Windows\system32 [calling]
656	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
657	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd350000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
658	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
659	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
660	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
661	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
662	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
663	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
664	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
665	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefeca0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
666	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
667	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\Windows\system32\Wintrust.dll'
668	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
669	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
670	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c9240:C:\Windows\system32 [calling]
671	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
672	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefca40000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
673	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
674	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca40000 'C:\Windows\system32\bcrypt.dll'
675	e18.c94: bcrypt.dll loaded at 000007fefca40000, BCryptOpenAlgorithmProvider at 000007fefca42640, preloading providers:
676	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
677	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
678	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
679	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
680	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
681	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
682	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
683	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
684	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
685	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
686	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
687	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
688	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
689	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
690	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
691	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
692	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
693	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
694	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
695	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
696	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
697	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefc530000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
698	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
699	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefdb60000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
700	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
701	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
702	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
703	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
704	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
705	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefede0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
706	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
707	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc530000 'C:\Windows\system32\bcryptprimitives.dll'
708	e18.c94: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007ca920)
709	e18.c94: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007cd7e0)
710	e18.c94: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007cd900)
711	e18.c94: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007cdb10)
712	e18.c94: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007cdc30)
713	e18.c94: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007cdd50)
714	e18.c94: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007cdf90)
715	e18.c94: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007ce0b0)
716	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
717	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
718	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
719	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
720	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
721	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
722	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
723	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
724	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
725	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
726	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefc8f0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
727	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
728	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\CRYPTSP.dll'
729	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
730	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
731	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
732	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
733	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
734	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
735	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
736	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
737	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefc5f0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
738	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
739	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5f0000 'C:\Windows\system32\rsaenh.dll'
740	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
741	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
742	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\ADVAPI32.dll'
743	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
744	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
745	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
746	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
747	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefcf50000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
748	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
749	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\CRYPTBASE.dll'
750	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
751	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
752	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\Windows\system32\kernel32.dll'
753	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
754	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
755	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\Windows\system32\WINTRUST.DLL'
756	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
757	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
758	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\CRYPT32.dll'
759	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
760	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
761	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
762	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
763	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
764	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
765	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
766	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
767	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
768	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
769	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
770	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
771	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefea70000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
772	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
773	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\Windows\system32\imagehlp.dll'
774	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
775	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
776	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\CRYPTSP.dll'
777	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
778	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
779	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
780	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
781	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
782	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
783	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
784	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
785	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
786	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
787	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
788	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
789	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
790	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
791	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
792	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
793	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
794	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
795	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
796	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
797	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
798	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
799	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
800	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
801	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
802	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
803	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
804	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
805	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
806	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
807	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
808	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
809	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
810	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
811	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
812	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
813	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
814	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
815	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
816	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
817	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
818	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
819	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
820	e18.c94: supR3HardenedDllNotificationCallback: load 00000000770e0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
821	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
822	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefee30000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
823	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
824	e18.c94: supR3HardenedDllNotificationCallback: load 000007feff2d0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
825	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
826	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefef80000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
827	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
828	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
829	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
830	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\gdi32.dll'
831	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
832	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
833	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
834	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
835	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
836	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
837	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
838	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
839	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
840	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
841	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
842	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
843	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
844	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
845	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
846	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
847	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
848	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
849	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
850	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
851	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
852	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
853	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
854	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
855	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
856	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
857	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
858	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
859	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
860	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
861	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
862	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
863	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
864	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefee00000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
865	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
866	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
867	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
868	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\Windows\system32\IMM32.DLL'
869	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\USER32.dll'
870	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
871	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
872	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
873	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
874	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
875	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
876	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
877	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
878	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
879	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
880	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
881	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
882	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
883	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
884	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
885	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
886	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefca70000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
887	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
888	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\Windows\system32\ncrypt.dll'
889	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
890	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
891	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca40000 'C:\Windows\system32\bcrypt.dll'
892	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
893	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
894	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
895	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
896	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
897	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
898	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
899	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
900	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
901	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
902	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
903	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
904	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
905	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
906	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
907	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
908	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
909	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
910	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
911	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
912	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
913	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd290000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
914	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
915	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd0c0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
916	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
917	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd290000 'C:\Windows\system32\USERENV.dll'
918	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
919	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
920	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
921	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
922	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
923	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
924	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
925	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
926	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
927	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
928	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
929	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
930	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
931	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
932	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
933	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
934	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefc360000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
935	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
936	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc360000 'C:\Windows\system32\GPAPI.dll'
937	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
938	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
939	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
940	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
941	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\rpcrt4.dll'
942	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
943	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
944	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
945	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
946	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
947	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
948	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
949	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
950	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
951	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
952	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
953	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
954	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
955	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
956	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
957	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
958	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
959	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
960	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
961	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
962	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
963	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
964	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
965	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
966	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
967	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
968	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
969	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
970	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
971	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefa220000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
972	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
973	e18.c94: supR3HardenedDllNotificationCallback: load 000007feff2e0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
974	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
975	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
976	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
977	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
978	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
979	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
980	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
981	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
982	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
983	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
984	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
985	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
986	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
987	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
988	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
989	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
990	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
991	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
992	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
993	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
994	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
995	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
996	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
997	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
998	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
999	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1000	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
1001	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1002	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
1003	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
1004	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1005	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa220000 'C:\Windows\system32\cryptnet.dll'
1006	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1007	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1008	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1009	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1010	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\profapi.dll'
1011	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1012	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1013	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1014	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1015	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1016	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1017	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1018	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1019	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1020	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1021	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1022	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1023	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1024	e18.c94: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1025	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1026	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1027	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1028	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1029	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\Windows\system32\SHLWAPI.dll'
1030	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1031	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007ca840
1032	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1033	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EDC3F71C5551972E1510D1BCC6D436D5B6B426E8
1034	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1035	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1036	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1037	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1038	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1039	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1040	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1041	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1042	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\ADVAPI32.dll'
1043	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1044	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1045	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1046	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1047	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
1048	e18.c94: g_pfnWinVerifyTrust=000007fefd351010
1049	e18.c94: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1050	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1051	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1052	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1053	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
1054	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1055	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1056	e18.c94: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1057	e18.c94: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1058	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1059	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1060	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1061	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
1062	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1063	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1064	e18.c94: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1065	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1066	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1067	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1068	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1069	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1070	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1071	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1072	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1073	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1074	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1075	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1076	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1077	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1078	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1079	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1080	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1081	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1082	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
1083	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1084	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1085	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1086	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1087	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1088	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1089	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1090	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1091	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1092	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1093	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1094	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1095	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1096	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1097	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1098	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1099	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1100	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1101	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1102	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1103	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1104	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1105	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1106	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1107	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1108	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1109	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1110	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B24A74F7868A1824679A2006F7E6D98D206BCD0A
1111	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1112	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1113	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1114	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1115	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1116	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1117	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1118	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1119	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1120	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1121	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1122	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1123	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1124	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1125	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1126	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1127	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1128	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1129	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1130	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1131	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
1132	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1133	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1134	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1135	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1136	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1137	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1138	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9BD2F77F6F16827206A18B4C9CB5FCFA62A60CF
1139	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1140	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1141	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1142	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1143	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1144	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1145	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1707E74860DCBF0241835EF4A1E7C39B40ED3ACA
1146	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3046306~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1147	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1148	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1149	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1150	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1151	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1152	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1153	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1154	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1155	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1156	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1157	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1158	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1159	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1160	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1161	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1162	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1163	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1164	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1165	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1166	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1167	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1168	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1169	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1170	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1171	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1172	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1173	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1174	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1175	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1176	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1177	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1178	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1179	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1180	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1181	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1182	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1183	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1184	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1185	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1186	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1187	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1188	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BBB1FC4DED54F17702B287B63F8FE24EE5D7844
1189	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1190	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1191	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1192	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1193	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1194	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1195	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1196	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1197	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1198	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1199	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1200	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1201	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1202	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1203	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1204	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1205	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1206	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1207	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1208	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1209	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1210	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1211	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1212	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1213	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1214	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1215	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1216	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1217	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
1218	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1219	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1220	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1221	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1222	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1223	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1224	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1225	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FD34F960ED54F1FB26E76A32FB91273E3093869E
1226	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1227	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1228	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1229	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1230	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1231	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1232	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C47BBB61CB0D4D781B3BEC602422D40A0784762
1233	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1234	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1235	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1236	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1237	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000838050:C:\Windows\system32 [calling]
1238	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\crypt32.dll'
1239	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1240	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1241	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1242	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1243	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1244	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1245	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1246	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1247	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1248	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1249	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1250	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1251	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1252	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1253	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1254	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1255	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1256	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1257	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1258	e18.c94: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1259	e18.c94: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=20
1260	e18.c94: SUPR3HardenedMain: Load Runtime...
1261	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1262	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1263	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1264	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1265	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1266	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1267	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1268	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1269	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1270	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1271	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1272	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1273	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1274	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1275	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1276	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1277	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1278	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1279	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1280	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1281	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1282	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1283	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1284	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1285	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1286	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1287	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1288	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1289	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1290	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1291	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1292	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1293	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1294	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1295	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1296	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1297	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1298	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1299	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1300	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1301	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1302	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1303	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1304	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1305	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1306	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1307	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1308	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1309	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1310	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1311	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3160:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1312	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1313	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef0cf0000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1314	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1315	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1316	e18.c94: supR3HardenedDllNotificationCallback: load 0000000074d40000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1317	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1318	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1319	e18.c94: supR3HardenedDllNotificationCallback: load 0000000074ca0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1320	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1321	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd8b0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1322	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1323	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefedd0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1324	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1325	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1326	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1327	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1328	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1329	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1330	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1331	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1332	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1333	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1334	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1335	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1336	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1337	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1338	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1339	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1340	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1341	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1342	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1343	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1344	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1345	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1346	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1347	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1348	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1349	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1350	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1351	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1352	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1353	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1354	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1355	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1356	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1357	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1359	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1360	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1362	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1363	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1364	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1365	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1366	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1367	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1368	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1369	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007843f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Mozilla Firefox;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1370	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1371	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1373	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0cf0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1374	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1375	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007eb160:C:\Windows\system32 [calling]
1376	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\Windows\system32\Wintrust.dll'
1377	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1378	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007eb160:C:\Windows\system32 [calling]
1379	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\crypt32.dll'
1380	e18.c94: SUPR3HardenedMain: Load TrustedMain...
1381	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1382	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1383	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1384	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1385	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1386	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1387	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1388	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1389	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1390	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1391	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1392	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1393	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1394	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1395	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1396	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1397	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1398	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1399	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1400	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1401	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1402	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1403	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1404	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1405	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1406	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1407	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1408	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1409	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1410	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1411	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1412	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1413	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1414	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1415	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1416	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1417	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1418	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1419	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1420	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1421	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1422	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1423	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1424	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1425	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1426	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1427	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1428	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1429	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1430	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1431	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1432	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1433	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1434	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1435	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1436	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1437	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1438	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1439	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1440	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1441	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1442	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1443	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1444	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1445	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1446	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1447	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1448	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1449	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1450	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1451	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1452	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1453	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1454	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1455	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1456	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1457	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1458	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1459	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1460	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1461	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ED534A13973A0F8A98CD4EDC6CBC56E0448E994
1462	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3039066~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1463	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1464	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1465	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1466	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1467	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1468	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1469	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1470	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1471	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1472	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1473	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1474	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1475	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1476	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1477	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1478	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1479	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1480	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1481	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1482	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1483	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1484	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1485	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1486	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1487	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1488	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1489	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1490	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1491	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1492	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1493	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll) WinVerifyTrust
1494	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1495	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1496	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1497	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1498	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1499	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1500	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1501	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1502	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1503	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1504	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1505	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1506	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1507	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1508	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1509	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1510	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1511	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1512	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1513	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1514	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1515	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1516	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1517	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1518	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1519	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1520	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1521	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1522	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1523	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1524	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1525	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1526	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1527	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1528	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1529	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1530	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1531	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1532	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1533	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1534	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1535	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1536	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1537	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1538	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1539	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1540	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1541	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1542	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1543	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1544	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1545	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1546	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1547	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1548	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1549	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1550	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1551	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1552	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1553	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1554	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1555	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1556	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1557	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1558	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1559	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1560	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1561	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1562	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1563	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1564	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1565	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1566	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1567	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1568	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1569	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1570	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1571	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1572	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1573	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1574	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1575	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1576	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1577	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1578	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1579	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1580	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1581	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1582	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1583	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1584	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1585	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1586	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1587	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1588	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1589	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1590	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1591	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1592	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1593	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1594	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1595	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1596	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1597	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1598	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1599	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1600	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1601	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1602	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1603	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1604	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1605	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1606	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1607	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1608	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1609	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1610	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1611	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1612	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1613	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1614	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1615	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1616	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1617	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1618	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1619	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1620	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1621	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1622	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1623	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1624	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1625	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1626	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1627	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1628	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1629	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1630	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1631	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1632	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1633	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1634	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1635	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1636	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1637	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1638	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1639	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1640	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1641	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1642	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1643	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1644	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1645	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1646	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1647	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1648	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1649	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1650	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1651	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1652	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1653	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1654	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1655	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1656	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1657	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1658	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1659	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1660	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1661	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1662	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1663	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1664	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1665	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1666	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1667	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1668	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1669	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1670	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1671	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1672	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1673	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1674	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1675	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1676	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1677	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1678	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1679	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1680	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1681	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1682	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1683	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1684	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1685	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1686	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1687	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1688	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1689	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1690	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1691	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1692	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1693	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1694	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1695	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1696	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1697	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1698	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1699	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1700	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1701	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1702	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1703	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1704	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1705	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1706	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1707	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1708	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1709	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1710	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1711	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1712	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1713	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1714	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1715	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1716	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1717	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1718	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1719	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1720	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1721	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1722	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1723	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1724	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1725	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1726	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1727	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1728	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1729	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1730	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1731	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1732	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1733	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1734	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1735	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1736	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1737	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1738	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1739	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1740	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1741	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1742	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1743	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1744	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1745	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1746	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1747	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1748	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1749	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1750	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1751	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1752	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1753	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1754	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1755	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C408F88301F22BE596490B4A80BD2E09034763B4
1756	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3048761~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1757	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1758	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1759	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1760	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1761	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1762	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1763	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1764	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1765	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1766	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1767	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1768	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1769	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1770	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1771	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1772	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1773	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1774	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1775	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1776	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1777	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1778	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1779	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1780	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1781	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1782	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1783	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1784	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1785	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1786	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1787	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8C17410BD716DCF557221B982F7A015B5B6AC2B4
1788	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1789	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1790	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1791	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1792	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1793	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1794	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1795	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1796	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1797	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1798	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1799	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1800	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1801	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1802	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1803	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1804	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1805	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1806	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1807	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1808	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1809	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1810	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1811	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1812	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1813	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1814	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1815	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1816	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1817	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1818	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1819	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1820	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1821	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1822	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1823	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1824	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1825	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1826	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1827	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1828	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1829	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1830	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1831	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1832	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1833	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1834	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1835	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1836	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1837	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1838	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1839	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1840	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1841	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1842	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1843	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1844	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1845	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1846	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1847	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1848	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1849	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1850	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1851	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1852	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1853	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1854	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1855	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1856	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1857	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1858	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3160:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1859	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1860	e18.c94: supR3HardenedDllNotificationCallback: load 000007feefc60000 LB 0x00ab9000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1861	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1862	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1863	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef3870000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1864	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1865	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1866	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef8590000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1867	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1868	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1869	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef19e0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1870	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1871	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1872	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef87b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1873	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1874	e18.c94: supR3HardenedDllNotificationCallback: load 000007feff0f0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1875	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1876	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd430000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1877	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1878	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefeea0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1879	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1880	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefea90000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1881	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1882	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd330000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1883	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1884	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1885	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefadb0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1886	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1887	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1888	e18.c94: supR3HardenedDllNotificationCallback: load 00000000749c0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1889	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1890	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1891	e18.c94: supR3HardenedDllNotificationCallback: load 000000006bd00000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1892	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1893	e18.c94: supR3HardenedDllNotificationCallback: load 000007feff050000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1894	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1895	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1896	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1897	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1898	e18.c94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1899	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1900	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef7dd0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1901	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1902	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefdce0000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1903	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1904	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1905	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefaea0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1906	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1907	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1908	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef8070000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1909	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1910	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1911	e18.c94: supR3HardenedDllNotificationCallback: load 00000000748b0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1912	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1913	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1914	e18.c94: supR3HardenedDllNotificationCallback: load 00000000747d0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1915	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1916	e18.c94: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1917	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1918	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1919	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1920	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1921	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1922	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1923	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1924	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1925	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3430:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1926	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\Windows\system32\imm32.dll'
1927	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefc60000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1928	e18.c94: SUPR3HardenedMain: Calling TrustedMain (000007feefc610d0)...
1929	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1930	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3160:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1931	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaea0000 'C:\Windows\system32\winmm.dll'
1932	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000588 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1933	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1934	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1935	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1936	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1937	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1938	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1939	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1940	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1941	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1942	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1943	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1944	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1945	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1946	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1947	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1948	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1949	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000003da0e0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1950	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1951	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefb4b0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1952	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1953	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
1954	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1955	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000003da0e0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1956	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
1957	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1958	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000003dad40:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1959	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
1960	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1961	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000003dad40:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1962	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
1963	e18.c94: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll: Owner is administrators group.
1964	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
1965	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comctl32.dll'.
1966	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1967	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1968	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
1969	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1970	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll) WinVerifyTrust
1971	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
1972	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1973	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1974	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1975	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1976	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1977	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1978	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1979	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1980	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1981	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1982	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1983	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1984	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1985	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
1986	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
1987	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ac pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
1988	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
1989	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
1990	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
1991	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
1992	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1993	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1994	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
1995	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
1996	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1997	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1998	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1999	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008155b0:C:\Program Files (x86)\TeamViewer;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2000	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2001	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2002	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2003	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2004	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefc1a0000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
2005	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2006	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2007	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2008	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2009	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2010	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadb0000 'C:\Windows\system32\dwmapi.dll'
2011	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2012	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2013	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\CRYPTBASE.dll'
2014	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2015	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2016	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\shell32.dll'
2017	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2018	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2019	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\Windows\system32\kernel32.dll'
2020	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2021	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2022	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
2023	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2024	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2025	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
2026	e18.c94: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2027	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2028	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2029	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2030	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2031	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2032	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4b0000 'C:\Windows\system32\uxtheme.dll'
2033	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2034	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2035	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2036	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2037	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd290000 'C:\Windows\system32\userenv.dll'
2038	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2039	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2040	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\Windows\system32\kernel32.dll'
2041	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000624 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2042	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2043	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2044	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2045	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2046	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2047	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2048	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2049	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2050	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2051	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2052	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2053	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2054	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2055	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2056	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2057	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2058	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2059	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2060	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2061	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2062	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2063	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2064	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2065	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2066	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2067	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2068	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2069	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f35e0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2070	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2071	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2072	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2073	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\Windows\system32\CLBCatQ.DLL'
2074	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2075	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3820:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2076	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\ADVAPI32.dll'
2077	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2078	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3550:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2079	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\CRYPTSP.dll'
2080	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2081	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2082	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2083	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2084	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2085	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2086	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2087	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2088	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2089	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2090	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2091	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3550:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2092	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2093	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefd000000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2094	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2095	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd000000 'C:\Windows\system32\RpcRtRemote.dll'
2096	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2097	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2098	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
2099	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
2100	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2101	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
2102	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2103	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
2104	e18.e5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2105	e18.e5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2106	e18.e5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2107	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2108	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2109	e18.e5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2110	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2111	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2112	e18.e5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2113	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2114	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2115	e18.e5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2116	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2117	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2118	e18.e5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2119	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2120	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2121	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2122	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2123	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2124	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2125	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000684 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
2126	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2127	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2128	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
2129	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
2130	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2131	e18.e5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust
2132	e18.e5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
2133	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2134	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2135	e18.e5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2136	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2137	e18.e5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2138	e18.e5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008158f0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2139	e18.e5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2140	e18.e5c: supR3HardenedDllNotificationCallback: load 000007feef680000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2141	e18.e5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2142	e18.e5c: supR3HardenedDllNotificationCallback: load 00000000774d0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
2143	e18.e5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll
2144	e18.e5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef680000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2145	e18.e5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2146	e18.e5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000003daea0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2147	e18.e5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\oleaut32.dll'
2148	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006a8 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
2149	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2150	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2151	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
2152	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
2153	e18.e5c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2154	e18.e5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
2155	e18.e5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
2156	e18.e5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3d30:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2157	e18.e5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2158	e18.e5c: supR3HardenedDllNotificationCallback: load 000007fefcf60000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2159	e18.e5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
2160	e18.e5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\Windows\system32\SXS.DLL'
2161	e18.e5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\ADVAPI32.dll'
2162	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2163	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f4000:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2164	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\OLEAUT32.dll'
2165	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\ADVAPI32.dll'
2166	e18.c94: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2167	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032b3d20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2168	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2169	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\gdi32.dll'
2170	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2171	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2172	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2173	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2174	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2175	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\shell32.dll'
2176	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
2177	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2178	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
2179	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtcorevbox4.dll'.
2180	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtguivbox4.dll'.
2181	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtopenglvbox4.dll'.
2182	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
2183	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
2184	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
2185	e18.c94: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
2186	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a98 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
2187	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2188	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2189	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8FFB8CDACDC5C9C6D9256E97FB0710E2753FFAA1
2190	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3045645~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
2191	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2192	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
2193	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2194	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2195	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2196	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2197	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
2198	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
2199	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2200	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
2201	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
2202	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2203	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
2204	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
2205	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2206	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2207	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2208	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2209	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2210	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2211	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2212	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2213	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2214	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2215	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2216	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2217	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2218	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2219	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2220	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2221	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2222	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2223	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2224	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2225	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2226	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2227	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2228	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2229	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2230	e18.c94: supR3HardenedDllNotificationCallback: load 000007fefcef0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2231	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2232	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\apphelp.dll'
2233	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2234	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2235	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\Windows\system32\ole32.dll'
2236	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2237	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3dc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2238	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\shell32.dll'
2239	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2240	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3dc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2241	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\shell32.dll'
2242	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\Windows\system32\ole32.dll'
2243	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2244	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f3dc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2245	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\OLEAUT32.dll'
2246	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2247	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2248	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2249	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2250	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2251	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2252	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2253	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2254	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2255	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2256	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2257	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2258	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2259	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2260	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2261	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2262	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2263	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2264	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2265	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2266	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2267	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2268	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2269	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2270	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2271	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000af8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2272	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2273	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2274	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2275	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2276	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2277	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2278	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2279	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2280	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2281	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2282	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2283	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2284	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2285	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2286	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2287	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2288	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2289	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2290	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2291	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2292	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2293	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2294	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2295	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2296	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2297	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032917f0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2298	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2299	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef8fd0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2300	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2301	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2302	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef9400000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2303	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2304	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8fd0000 'C:\Windows\system32\wbem\wbemprox.dll'
2305	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2306	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2307	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2308	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2309	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2310	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2311	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2312	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2313	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2314	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2315	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2316	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2317	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2318	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2319	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032917f0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2320	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2321	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef8c90000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2322	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2323	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c90000 'C:\Windows\system32\wbem\wbemsvc.dll'
2324	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b2c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2325	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2326	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2327	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2328	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2329	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2330	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2331	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2332	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2333	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2334	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2335	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2336	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2337	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2338	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2339	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2340	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b0c pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2341	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2342	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2343	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2344	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2345	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2346	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2347	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2348	e18.c94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2349	e18.c94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2350	e18.c94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2351	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2352	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2353	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2354	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2355	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2356	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2357	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2358	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2359	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2360	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2361	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2362	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2363	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2364	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2365	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2366	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2367	e18.c94: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2368	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2369	e18.c94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2370	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000032917f0:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2371	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2372	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef9050000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2373	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2374	e18.c94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2375	e18.c94: supR3HardenedDllNotificationCallback: load 000007fef9380000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2376	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2377	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9050000 'C:\Windows\system32\wbem\fastprox.dll'
2378	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\OLEAUT32.dll'
2379	e18.c94: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2380	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2381	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2382	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2383	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2384	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2385	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2386	e18.c94: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2387	e18.c94: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2388	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2389	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7dd0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2390	e18.5f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2391	e18.5f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2392	e18.5f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2393	e18.5f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2394	e18.5f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2395	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2396	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2397	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2398	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2399	e18.c94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2400	e18.c94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17b40:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2401	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaea0000 'C:\Windows\system32\WINMM.dll'
2402	e18.5f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2403	e18.5f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2404	e18.5f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2405	e18.5f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2406	e18.5f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2407	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2408	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2409	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2410	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2411	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2412	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2413	e18.5f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2414	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2415	e18.5f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2416	e18.5f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2417	e18.5f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2418	e18.5f4: supR3HardenedDllNotificationCallback: load 000007feede80000 LB 0x00293000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2419	e18.5f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2420	e18.5f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2421	e18.5f4: supR3HardenedDllNotificationCallback: load 0000000074410000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2422	e18.5f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2423	e18.5f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede80000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2424	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2425	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys)
2426	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys
2427	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2428	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2429	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys)
2430	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys
2431	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2432	e18.ef4: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2433	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
2434	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
2435	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys)
2436	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys
2437	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2438	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2439	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2440	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2441	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys)
2442	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys
2443	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2444	e18.42c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys'
2445	e18.42c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys'
2446	e18.42c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys'
2447	e18.42c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys'
2448	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2449	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2450	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2451	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2452	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2453	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2454	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2455	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2456	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2457	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2458	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2459	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2460	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2461	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2462	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2463	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2464	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2465	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2466	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2467	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
2468	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) WinVerifyTrust
2469	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2470	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2471	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2472	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2473	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2474	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2475	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) WinVerifyTrust
2476	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2477	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2478	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2479	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
2480	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2481	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'kdcom.dll'.
2482	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'clfs.sys'.
2483	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ci.dll'.
2484	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) WinVerifyTrust
2485	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2486	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2487	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2488	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2489	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2490	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2491	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2492	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2493	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2494	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2495	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2496	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2497	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2498	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2499	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2500	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2501	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) WinVerifyTrust
2502	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll
2503	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
2504	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume2\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
2505	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2506	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clfs.sys) WinVerifyTrust
2507	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clfs.sys
2508	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2509	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2510	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2511	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2512	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) WinVerifyTrust
2513	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2514	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2515	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2516	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2517	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2518	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2519	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) WinVerifyTrust
2520	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll
2521	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2522	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2523	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2524	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2525	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) WinVerifyTrust
2526	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2527	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2528	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2529	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys
2530	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2531	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2532	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2533	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2534	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2535	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2536	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2537	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2538	e18.42c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2539	e18.42c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
2540	e18.42c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys
2541	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2542	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2543	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys
2544	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2545	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2546	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2547	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2548	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2549	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2550	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2551	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2552	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2553	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2554	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2555	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2556	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2557	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2558	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL
2559	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2560	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2561	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll
2562	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2563	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2564	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe
2565	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2566	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2567	e18.42c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll
2568	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2569	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2570	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2571	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2572	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2573	e18.42c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2574	e18.42c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2575	e18.42c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2576	e18.42c: supR3HardenedDllNotificationCallback: load 000007fef9640000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2577	e18.42c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2578	e18.42c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9640000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2579	e18.278: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2580	e18.278: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2581	e18.278: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2582	e18.278: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2583	e18.278: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2584	e18.278: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2585	e18.278: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2586	e18.278: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2587	e18.278: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2588	e18.278: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2589	e18.278: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2590	e18.278: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2591	e18.278: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2592	e18.278: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2593	e18.278: supR3HardenedDllNotificationCallback: load 000007fef9320000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2594	e18.278: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2595	e18.278: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9320000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2596	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
2597	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2598	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2599	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2600	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2601	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2602	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2603	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2604	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2605	e18.5bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2606	e18.5bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2607	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2608	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2609	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2610	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2611	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2612	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2613	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2614	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2615	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2616	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2617	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2618	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2619	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2620	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2621	e18.5bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
2622	e18.5bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2623	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2624	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2625	e18.5bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2626	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2627	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2628	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2629	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2630	e18.5bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2631	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2632	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2633	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2634	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2635	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2636	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2637	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2638	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2639	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2640	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2641	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2642	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2643	e18.5bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2644	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2645	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2646	e18.5bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2647	e18.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2648	e18.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2649	e18.5bc: supR3HardenedDllNotificationCallback: load 000007fef0bc0000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2650	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
2651	e18.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2652	e18.5bc: supR3HardenedDllNotificationCallback: load 000007fef6b70000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2653	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2654	e18.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2655	e18.5bc: supR3HardenedDllNotificationCallback: load 000007fef6bc0000 LB 0x00028000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2656	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2657	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
2658	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
2659	e18.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2660	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
2661	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2662	e18.5bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2663	e18.5bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2664	e18.5bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2665	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2666	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2667	e18.5bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
2668	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2669	e18.5bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2670	e18.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2671	e18.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2672	e18.5bc: supR3HardenedDllNotificationCallback: load 000007fef8a60000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2673	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
2674	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a60000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
2675	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2676	e18.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2677	e18.5bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2678	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32/opengl32.dll'
2679	e18.5bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2680	e18.5bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17ab0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2681	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2682	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\gdi32.dll'
2683	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\gdi32.dll'
2684	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2685	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2686	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2687	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2688	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2689	e18.5bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3870000 'C:\Windows\system32\OPENGL32.dll'
2690	e18.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2691	e18.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2692	e18.efc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2693	e18.efc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2694	e18.efc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2695	e18.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2696	e18.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2697	e18.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2698	e18.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2699	e18.efc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2700	e18.efc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2701	e18.efc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2702	e18.efc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2703	e18.efc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2704	e18.efc: supR3HardenedDllNotificationCallback: load 000007fef8a50000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2705	e18.efc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2706	e18.efc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a50000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2707	e18.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2708	e18.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2709	e18.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2710	e18.7e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2711	e18.7e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2712	e18.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2713	e18.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2714	e18.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2715	e18.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2716	e18.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2717	e18.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2718	e18.7e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2719	e18.7e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2720	e18.7e4: supR3HardenedDllNotificationCallback: load 000007fef8500000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2721	e18.7e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2722	e18.7e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8500000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2723	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32/Shell32.dll'
2724	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\Windows\system32\ole32.dll'
2725	e18.ef4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2726	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2727	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2728	e18.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2729	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\profapi.dll'
2730	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2731	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2732	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2733	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2734	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2735	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2736	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2737	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2738	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2739	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2740	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2741	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2742	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2743	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2744	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e20 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2745	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2746	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2747	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2748	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2749	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2750	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2751	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2752	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2753	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2754	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2755	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2756	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2757	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2758	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2759	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2760	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2761	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2762	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2763	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2764	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2765	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2766	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2767	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2768	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2769	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2770	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2771	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2772	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2773	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2774	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2775	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2776	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2777	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2778	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
2779	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2780	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2781	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2782	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2783	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2784	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2785	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2786	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2787	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2788	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2789	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2790	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2791	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
2792	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
2793	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
2794	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2795	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2796	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C
2797	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
2798	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2799	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2800	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2801	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2802	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2803	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
2804	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
2805	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
2806	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust
2807	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
2808	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2809	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2810	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2811	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2812	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2813	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2814	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2815	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2816	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2817	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2818	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2819	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2820	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2821	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2822	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2823	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2824	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2825	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2826	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2827	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2828	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e14 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2829	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2830	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2831	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2832	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2833	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2834	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2835	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2836	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2837	e18.ef4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2838	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2839	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2840	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2841	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2842	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2843	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2844	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2845	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2846	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2847	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2848	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2849	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2850	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2851	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2852	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2853	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2854	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2855	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2856	e18.ef4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2857	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
2858	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
2859	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2860	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2861	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2862	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2863	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2864	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2865	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2866	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2867	e18.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2868	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2869	e18.ef4: supR3HardenedDllNotificationCallback: load 000007feed590000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2870	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2871	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2872	e18.ef4: supR3HardenedDllNotificationCallback: load 000007fef1970000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2873	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2874	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2875	e18.ef4: supR3HardenedDllNotificationCallback: load 000007fef7040000 LB 0x00051000 C:\Windows\system32\newdev.dll [fFlags=0x0]
2876	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
2877	e18.ef4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2878	e18.ef4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2879	e18.ef4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2880	e18.ef4: supR3HardenedDllNotificationCallback: load 000007fefc380000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2881	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2882	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2883	e18.ef4: supR3HardenedDllNotificationCallback: load 000007fef5a30000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2884	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2885	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2886	e18.ef4: supR3HardenedDllNotificationCallback: load 000007fefab60000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2887	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2888	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2889	e18.ef4: supR3HardenedDllNotificationCallback: load 000007fefab50000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2890	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2891	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed590000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2892	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e28 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2893	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ca840
2894	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ca840
2895	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2896	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2897	e18.ef4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2898	e18.ef4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2899	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2900	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2901	e18.ef4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2902	e18.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2903	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2904	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef680000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2905	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2906	e18.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2907	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2908	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5a30000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2909	e18.600: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2910	e18.600: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2911	e18.600: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2912	e18.600: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2913	e18.600: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2914	e18.600: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2915	e18.600: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2916	e18.600: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2917	e18.600: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2918	e18.600: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2919	e18.600: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2920	e18.600: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2921	e18.600: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2922	e18.600: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2923	e18.600: supR3HardenedDllNotificationCallback: load 000007fef84f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2924	e18.600: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2925	e18.600: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef84f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2926	e18.ef4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2927	e18.ef4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a17fc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2928	e18.ef4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2929	e18.ef4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\Windows\system32/kernel32.dll'
2930	e18.5f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\OLEAUT32.dll'
2931	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\shell32.dll'
2932	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdce0000 'C:\Windows\system32\shell32.dll'
2933	e18.c94: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2934	e18.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2935	e18.d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003288420:C:\Program Files (x86)\TeamViewer;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2936	e18.d00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2937	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2938	e18.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2939	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2940	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2941	e18.758: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2942	e18.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2943	e18.d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\TeamViewer\tv_x64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a0eaf0:C:\Program Files (x86)\TeamViewer;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2944	e18.d00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2945	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2946	e18.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2947	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2948	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2949	e18.758: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2950	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2951	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2952	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2953	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2954	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2955	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2956	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2957	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2958	e18.c94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000770e0000 'C:\Windows\system32\user32.dll'
2959	e18.758: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2960	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2961	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2962	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2963	e18.c94: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2964	e18.d00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\TeamViewer\tv_x64.dll
2965	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2966	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2967	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2968	e18.758: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2969	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2970	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2971	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2972	e18.758: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2973	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2974	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2975	e18.d00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2976	e18.d00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a41960:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2977	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'
2978	e18.758: supR3HardenedDllNotificationCallback: Unload 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [flags=0x0]
2979	e18.d00: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00048000 C:\Program Files (x86)\TeamViewer\tv_x64.dll [fFlags=0x0]
2980	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\Program Files (x86)\TeamViewer\tv_x64.dll'
2981	e18.d00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\advapi32.dll'

Download in other formats:

Original Format