Ticket #15285: VBoxHardening.log

File VBoxHardening.log, 266.3 KB (added by MattVB, 9 years ago)

Line
1	14f4.22f4: Log file opened: 5.0.16r105871 g_hStartupLog=00000000000001c4 g_uNtVerCombined=0x611db110
2	14f4.22f4: \SystemRoot\System32\ntdll.dll:
3	14f4.22f4: CreationTime: 2016-01-16T13:40:29.643768300Z
4	14f4.22f4: LastWriteTime: 2016-01-16T13:40:29.643768300Z
5	14f4.22f4: ChangeTime: 2016-02-26T07:25:44.265625000Z
6	14f4.22f4: FileAttributes: 0x20
7	14f4.22f4: Size: 0x1a67c0
8	14f4.22f4: NT Headers: 0xe0
9	14f4.22f4: Timestamp: 0x568429e5
10	14f4.22f4: Machine: 0x8664 - amd64
11	14f4.22f4: Timestamp: 0x568429e5
12	14f4.22f4: Image Version: 6.1
13	14f4.22f4: SizeOfImage: 0x1a9000 (1740800)
14	14f4.22f4: Resource Dir: 0x14d000 LB 0x5a028
15	14f4.22f4: ProductName: Microsoft® Windows® Operating System
16	14f4.22f4: ProductVersion: 6.1.7601.19110
17	14f4.22f4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
18	14f4.22f4: FileDescription: NT Layer DLL
19	14f4.22f4: \SystemRoot\System32\kernel32.dll:
20	14f4.22f4: CreationTime: 2016-01-16T13:40:29.659368300Z
21	14f4.22f4: LastWriteTime: 2016-01-16T13:40:29.659368300Z
22	14f4.22f4: ChangeTime: 2016-02-26T07:25:41.578125000Z
23	14f4.22f4: FileAttributes: 0x20
24	14f4.22f4: Size: 0x11c000
25	14f4.22f4: NT Headers: 0xe8
26	14f4.22f4: Timestamp: 0x568429dc
27	14f4.22f4: Machine: 0x8664 - amd64
28	14f4.22f4: Timestamp: 0x568429dc
29	14f4.22f4: Image Version: 6.1
30	14f4.22f4: SizeOfImage: 0x11f000 (1175552)
31	14f4.22f4: Resource Dir: 0x116000 LB 0x528
32	14f4.22f4: ProductName: Microsoft® Windows® Operating System
33	14f4.22f4: ProductVersion: 6.1.7601.19110
34	14f4.22f4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
35	14f4.22f4: FileDescription: Windows NT BASE API Client DLL
36	14f4.22f4: \SystemRoot\System32\KernelBase.dll:
37	14f4.22f4: CreationTime: 2016-01-16T13:40:29.674968400Z
38	14f4.22f4: LastWriteTime: 2016-01-16T13:40:29.674968400Z
39	14f4.22f4: ChangeTime: 2016-02-26T07:25:41.484375000Z
40	14f4.22f4: FileAttributes: 0x20
41	14f4.22f4: Size: 0x67a00
42	14f4.22f4: NT Headers: 0xe8
43	14f4.22f4: Timestamp: 0x568429dd
44	14f4.22f4: Machine: 0x8664 - amd64
45	14f4.22f4: Timestamp: 0x568429dd
46	14f4.22f4: Image Version: 6.1
47	14f4.22f4: SizeOfImage: 0x6c000 (442368)
48	14f4.22f4: Resource Dir: 0x6a000 LB 0x530
49	14f4.22f4: ProductName: Microsoft® Windows® Operating System
50	14f4.22f4: ProductVersion: 6.1.7601.19110
51	14f4.22f4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
52	14f4.22f4: FileDescription: Windows NT BASE API Client DLL
53	14f4.22f4: \SystemRoot\System32\apisetschema.dll:
54	14f4.22f4: CreationTime: 2016-01-16T13:40:29.643768300Z
55	14f4.22f4: LastWriteTime: 2016-01-16T13:40:29.643768300Z
56	14f4.22f4: ChangeTime: 2016-02-26T07:25:38.265625000Z
57	14f4.22f4: FileAttributes: 0x20
58	14f4.22f4: Size: 0x1a00
59	14f4.22f4: NT Headers: 0xc0
60	14f4.22f4: Timestamp: 0x568428c9
61	14f4.22f4: Machine: 0x8664 - amd64
62	14f4.22f4: Timestamp: 0x568428c9
63	14f4.22f4: Image Version: 6.1
64	14f4.22f4: SizeOfImage: 0x50000 (327680)
65	14f4.22f4: Resource Dir: 0x30000 LB 0x3f8
66	14f4.22f4: ProductName: Microsoft® Windows® Operating System
67	14f4.22f4: ProductVersion: 6.1.7601.19110
68	14f4.22f4: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
69	14f4.22f4: FileDescription: ApiSet Schema DLL
70	14f4.22f4: Found driver inspect (0x800)
71	14f4.22f4: Found driver cmdHlp (0x800)
72	14f4.22f4: supR3HardenedWinFindAdversaries: 0x800
73	14f4.22f4: \SystemRoot\System32\drivers\cmdguard.sys:
74	14f4.22f4: CreationTime: 2015-11-18T16:14:30.000000000Z
75	14f4.22f4: LastWriteTime: 2016-03-21T19:19:25.655000000Z
76	14f4.22f4: ChangeTime: 2016-03-28T15:01:39.195312500Z
77	14f4.22f4: FileAttributes: 0x2020
78	14f4.22f4: Size: 0xc9030
79	14f4.22f4: NT Headers: 0xf0
80	14f4.22f4: Timestamp: 0x56f03e6a
81	14f4.22f4: Machine: 0x8664 - amd64
82	14f4.22f4: Timestamp: 0x56f03e6a
83	14f4.22f4: Image Version: 6.1
84	14f4.22f4: SizeOfImage: 0xd2000 (860160)
85	14f4.22f4: Resource Dir: 0xcf000 LB 0x3e8
86	14f4.22f4: ProductName: COMODO Internet Security Sandbox Driver
87	14f4.22f4: ProductVersion: 8, 2, 0, 4978
88	14f4.22f4: FileVersion: 8, 2, 0, 4978 built by: WinDDK
89	14f4.22f4: FileDescription: COMODO Internet Security Sandbox Driver
90	14f4.22f4: \SystemRoot\System32\drivers\cmderd.sys:
91	14f4.22f4: CreationTime: 2015-11-18T16:14:26.000000000Z
92	14f4.22f4: LastWriteTime: 2016-03-21T19:19:19.644000000Z
93	14f4.22f4: ChangeTime: 2016-03-28T15:01:39.195312500Z
94	14f4.22f4: FileAttributes: 0x2020
95	14f4.22f4: Size: 0x7ba0
96	14f4.22f4: NT Headers: 0xe0
97	14f4.22f4: Timestamp: 0x56f03e38
98	14f4.22f4: Machine: 0x8664 - amd64
99	14f4.22f4: Timestamp: 0x56f03e38
100	14f4.22f4: Image Version: 6.1
101	14f4.22f4: SizeOfImage: 0x9000 (36864)
102	14f4.22f4: Resource Dir: 0x7000 LB 0x3f0
103	14f4.22f4: ProductName: COMODO Internet Security Eradication Driver
104	14f4.22f4: ProductVersion: 8, 2, 0, 4978
105	14f4.22f4: FileVersion: 8, 2, 0, 4978 built by: WinDDK
106	14f4.22f4: FileDescription: COMODO Internet Security Eradication Driver
107	14f4.22f4: \SystemRoot\System32\drivers\inspect.sys:
108	14f4.22f4: CreationTime: 2015-08-04T23:31:28.000000000Z
109	14f4.22f4: LastWriteTime: 2016-03-21T19:19:37.672000000Z
110	14f4.22f4: ChangeTime: 2016-03-28T15:01:39.234375000Z
111	14f4.22f4: FileAttributes: 0x2020
112	14f4.22f4: Size: 0x1c618
113	14f4.22f4: NT Headers: 0xe0
114	14f4.22f4: Timestamp: 0x56f03e40
115	14f4.22f4: Machine: 0x8664 - amd64
116	14f4.22f4: Timestamp: 0x56f03e40
117	14f4.22f4: Image Version: 6.1
118	14f4.22f4: SizeOfImage: 0x1d000 (118784)
119	14f4.22f4: Resource Dir: 0x1b000 LB 0x3e8
120	14f4.22f4: ProductName: COMODO Internet Security Firewall Driver
121	14f4.22f4: ProductVersion: 8, 2, 0, 4978
122	14f4.22f4: FileVersion: 8, 2, 0, 4978 built by: WinDDK
123	14f4.22f4: FileDescription: COMODO Internet Security Firewall Driver
124	14f4.22f4: \SystemRoot\System32\drivers\cmdhlp.sys:
125	14f4.22f4: CreationTime: 2015-08-04T23:31:26.000000000Z
126	14f4.22f4: LastWriteTime: 2016-03-21T19:19:31.664000000Z
127	14f4.22f4: ChangeTime: 2016-03-28T15:01:39.196289000Z
128	14f4.22f4: FileAttributes: 0x2020
129	14f4.22f4: Size: 0xdc90
130	14f4.22f4: NT Headers: 0xe8
131	14f4.22f4: Timestamp: 0x56f03e4b
132	14f4.22f4: Machine: 0x8664 - amd64
133	14f4.22f4: Timestamp: 0x56f03e4b
134	14f4.22f4: Image Version: 6.1
135	14f4.22f4: SizeOfImage: 0xd000 (53248)
136	14f4.22f4: Resource Dir: 0xc000 LB 0x3e0
137	14f4.22f4: ProductName: COMODO Internet Security Helper Driver
138	14f4.22f4: ProductVersion: 8, 2, 0, 4978
139	14f4.22f4: FileVersion: 8, 2, 0, 4978 built by: WinDDK
140	14f4.22f4: FileDescription: COMODO Internet Security Helper Driver
141	14f4.22f4: \SystemRoot\System32\guard64.dll:
142	14f4.22f4: CreationTime: 2015-09-03T10:52:02.000000000Z
143	14f4.22f4: LastWriteTime: 2016-03-21T19:17:19.458000000Z
144	14f4.22f4: ChangeTime: 2016-03-28T15:01:33.421875000Z
145	14f4.22f4: FileAttributes: 0x2020
146	14f4.22f4: Size: 0x91908
147	14f4.22f4: NT Headers: 0x118
148	14f4.22f4: Timestamp: 0x56f03e9b
149	14f4.22f4: Machine: 0x8664 - amd64
150	14f4.22f4: Timestamp: 0x56f03e9b
151	14f4.22f4: Image Version: 0.0
152	14f4.22f4: SizeOfImage: 0x96000 (614400)
153	14f4.22f4: Resource Dir: 0x93000 LB 0xd80
154	14f4.22f4: ProductName: COMODO Internet Security
155	14f4.22f4: ProductVersion: 8, 2, 0, 4978
156	14f4.22f4: FileVersion: 8, 2, 0, 4978
157	14f4.22f4: FileDescription: COMODO Internet Security
158	14f4.22f4: \SystemRoot\System32\cmdvrt64.dll:
159	14f4.22f4: CreationTime: 2015-08-04T23:28:52.000000000Z
160	14f4.22f4: LastWriteTime: 2016-03-21T19:15:25.273000000Z
161	14f4.22f4: ChangeTime: 2016-03-28T15:01:33.190429600Z
162	14f4.22f4: FileAttributes: 0x2020
163	14f4.22f4: Size: 0x592b8
164	14f4.22f4: NT Headers: 0x100
165	14f4.22f4: Timestamp: 0x56f03e9d
166	14f4.22f4: Machine: 0x8664 - amd64
167	14f4.22f4: Timestamp: 0x56f03e9d
168	14f4.22f4: Image Version: 0.0
169	14f4.22f4: SizeOfImage: 0x5d000 (380928)
170	14f4.22f4: Resource Dir: 0x5b000 LB 0x5ac
171	14f4.22f4: ProductName: COMODO Internet Security
172	14f4.22f4: ProductVersion: 8, 2, 0, 4978
173	14f4.22f4: FileVersion: 8, 2, 0, 4978
174	14f4.22f4: FileDescription: COMODO Internet Security
175	14f4.22f4: \SystemRoot\System32\cmdkbd64.dll:
176	14f4.22f4: CreationTime: 2015-08-04T23:28:22.000000000Z
177	14f4.22f4: LastWriteTime: 2016-03-21T19:14:31.191000000Z
178	14f4.22f4: ChangeTime: 2016-03-28T15:01:33.189453100Z
179	14f4.22f4: FileAttributes: 0x2020
180	14f4.22f4: Size: 0xcab8
181	14f4.22f4: NT Headers: 0xe8
182	14f4.22f4: Timestamp: 0x56f03e93
183	14f4.22f4: Machine: 0x8664 - amd64
184	14f4.22f4: Timestamp: 0x56f03e93
185	14f4.22f4: Image Version: 0.0
186	14f4.22f4: SizeOfImage: 0xf000 (61440)
187	14f4.22f4: Resource Dir: 0xd000 LB 0x5ac
188	14f4.22f4: ProductName: COMODO Internet Security
189	14f4.22f4: ProductVersion: 8, 2, 0, 4978
190	14f4.22f4: FileVersion: 8, 2, 0, 4978
191	14f4.22f4: FileDescription: COMODO Internet Security
192	14f4.22f4: \SystemRoot\System32\cmdcsr.dll:
193	14f4.22f4: CreationTime: 2015-08-04T23:29:58.000000000Z
194	14f4.22f4: LastWriteTime: 2016-03-21T19:17:37.482000000Z
195	14f4.22f4: ChangeTime: 2016-03-28T15:01:33.188476500Z
196	14f4.22f4: FileAttributes: 0x2020
197	14f4.22f4: Size: 0xca58
198	14f4.22f4: NT Headers: 0xd8
199	14f4.22f4: Timestamp: 0x56f03e90
200	14f4.22f4: Machine: 0x8664 - amd64
201	14f4.22f4: Timestamp: 0x56f03e90
202	14f4.22f4: Image Version: 0.0
203	14f4.22f4: SizeOfImage: 0xc000 (49152)
204	14f4.22f4: Resource Dir: 0xa000 LB 0x4a8
205	14f4.22f4: ProductName: COMODO Internet Security
206	14f4.22f4: ProductVersion: 8, 2, 0, 4978
207	14f4.22f4: FileVersion: 8, 2, 0, 4978
208	14f4.22f4: FileDescription: COMODO Internet Security
209	14f4.22f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
210	14f4.22f4: Calling main()
211	14f4.22f4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
212	14f4.22f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
213	14f4.22f4: SUPR3HardenedMain: Respawn #1
214	14f4.22f4: System32: \Device\HarddiskVolume1\Windows\System32
215	14f4.22f4: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
216	14f4.22f4: KnownDllPath: C:\Windows\system32
217	14f4.22f4: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
218	14f4.22f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
219	14f4.22f4: supR3HardNtEnableThreadCreation:
220	14f4.22f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076d8b630 pvNtTerminateThread=0000000076dadee0
221	14f4.22f4: supR3HardenedWinDoReSpawn(1): New child 1e2c.1c48 [kernel32].
222	14f4.22f4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
223	14f4.22f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076d60000 uNtDllChildAddr=0000000076d60000
224	14f4.22f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076d8b630
225	14f4.22f4: supR3HardenedWinSetupChildInit: Start child.
226	14f4.22f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
227	14f4.22f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 59 sleeps
228	14f4.22f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
229	14f4.22f4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
230	14f4.22f4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
231	14f4.22f4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
232	14f4.22f4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
233	14f4.22f4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
234	14f4.22f4: 0000000000041000-fffffffffff21fff 0x0001/0x0000 0x0000000
235	14f4.22f4: *0000000000160000-0000000000063fff 0x0000/0x0004 0x0020000
236	14f4.22f4: 000000000025c000-0000000000258fff 0x0104/0x0004 0x0020000
237	14f4.22f4: 000000000025f000-000000000025dfff 0x0004/0x0004 0x0020000
238	14f4.22f4: 0000000000260000-ffffffff8975ffff 0x0001/0x0000 0x0000000
239	14f4.22f4: *0000000076d60000-0000000076d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
240	14f4.22f4: 0000000076d61000-0000000076e5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
241	14f4.22f4: 0000000076e5f000-0000000076e8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
242	14f4.22f4: 0000000076e8e000-0000000076e95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
243	14f4.22f4: 0000000076e96000-0000000076e96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
244	14f4.22f4: 0000000076e97000-0000000076e99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
245	14f4.22f4: 0000000076e9a000-0000000076f08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
246	14f4.22f4: 0000000076f09000-000000006ee41fff 0x0001/0x0000 0x0000000
247	14f4.22f4: *000000007efd0000-000000007efbffff 0x0040/0x0040 0x0020000 !!
248	14f4.22f4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000007efd0000 (LB 0x10000, 000000007efd0000 LB 0x10000)
249	14f4.22f4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000007efd0000/000000007efd0000 LB 0/0x10000]
250	14f4.22f4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000007efd0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
251	14f4.22f4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
252	14f4.22f4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
253	14f4.22f4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
254	14f4.22f4: 000000007fff0000-ffffffffc0d1ffff 0x0001/0x0000 0x0000000
255	14f4.22f4: *000000013f2c0000-000000013f2c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
256	14f4.22f4: 000000013f2c1000-000000013f347fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
257	14f4.22f4: 000000013f348000-000000013f348fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
258	14f4.22f4: 000000013f349000-000000013f393fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
259	14f4.22f4: 000000013f394000-000000013f394fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
260	14f4.22f4: 000000013f395000-000000013f395fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
261	14f4.22f4: 000000013f396000-000000013f39afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
262	14f4.22f4: 000000013f39b000-000000013f39bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
263	14f4.22f4: 000000013f39c000-000000013f39cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
264	14f4.22f4: 000000013f39d000-000000013f3a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
265	14f4.22f4: 000000013f3a1000-000000013f3ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
266	14f4.22f4: 000000013f3ec000-fffff8037f757fff 0x0001/0x0000 0x0000000
267	14f4.22f4: *000007feff080000-000007feff080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
268	14f4.22f4: 000007feff081000-000007fdfe151fff 0x0001/0x0000 0x0000000
269	14f4.22f4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
270	14f4.22f4: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
271	14f4.22f4: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
272	14f4.22f4: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
273	14f4.22f4: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
274	14f4.22f4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
275	14f4.22f4: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
276	14f4.22f4: VirtualBox.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
277	14f4.22f4: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
278	14f4.22f4: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
279	14f4.22f4: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
280	14f4.22f4: ntdll.dll: Differences in section #1 (.text) between file and memory:
281	14f4.22f4: 0000000076daf1c0 / 0x004f1c0: 4c != e9
282	14f4.22f4: 0000000076daf1c1 / 0x004f1c1: 8b != 3b
283	14f4.22f4: 0000000076daf1c2 / 0x004f1c2: d1 != 0e
284	14f4.22f4: 0000000076daf1c3 / 0x004f1c3: b8 != 22
285	14f4.22f4: 0000000076daf1c4 / 0x004f1c4: 7e != 08
286	14f4.22f4: Restored 0x2000 bytes of original file content at 0000000076dad63e
287	14f4.22f4: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x800 cPatchCount=0
288	14f4.22f4: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 59 sleeps
289	14f4.22f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
290	14f4.22f4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
291	14f4.22f4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
292	14f4.22f4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
293	14f4.22f4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
294	14f4.22f4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
295	14f4.22f4: 0000000000041000-fffffffffff21fff 0x0001/0x0000 0x0000000
296	14f4.22f4: *0000000000160000-0000000000063fff 0x0000/0x0004 0x0020000
297	14f4.22f4: 000000000025c000-0000000000258fff 0x0104/0x0004 0x0020000
298	14f4.22f4: 000000000025f000-000000000025dfff 0x0004/0x0004 0x0020000
299	14f4.22f4: 0000000000260000-ffffffff8975ffff 0x0001/0x0000 0x0000000
300	14f4.22f4: *0000000076d60000-0000000076d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
301	14f4.22f4: 0000000076d61000-0000000076e5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
302	14f4.22f4: 0000000076e5f000-0000000076e8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
303	14f4.22f4: 0000000076e8e000-0000000076e95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
304	14f4.22f4: 0000000076e96000-0000000076e96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
305	14f4.22f4: 0000000076e97000-0000000076e97fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
306	14f4.22f4: 0000000076e98000-0000000076e99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
307	14f4.22f4: 0000000076e9a000-0000000076f08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
308	14f4.22f4: 0000000076f09000-000000006ee31fff 0x0001/0x0000 0x0000000
309	14f4.22f4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
310	14f4.22f4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
311	14f4.22f4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
312	14f4.22f4: 000000007fff0000-ffffffffc0d1ffff 0x0001/0x0000 0x0000000
313	14f4.22f4: *000000013f2c0000-000000013f2c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
314	14f4.22f4: 000000013f2c1000-000000013f347fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
315	14f4.22f4: 000000013f348000-000000013f348fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
316	14f4.22f4: 000000013f349000-000000013f393fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
317	14f4.22f4: 000000013f394000-000000013f3a0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
318	14f4.22f4: 000000013f3a1000-000000013f3ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
319	14f4.22f4: 000000013f3ec000-fffff8037f757fff 0x0001/0x0000 0x0000000
320	14f4.22f4: *000007feff080000-000007feff080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
321	14f4.22f4: 000007feff081000-000007fdfe151fff 0x0001/0x0000 0x0000000
322	14f4.22f4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
323	14f4.22f4: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
324	14f4.22f4: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
325	14f4.22f4: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
326	14f4.22f4: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
327	14f4.22f4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
328	14f4.22f4: supR3HardNtChildPurify: Done after 1927 ms and 2 fixes (loop #1).
329	1e2c.1c48: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
330	1e2c.1c48: supR3HardenedVmProcessInit: uNtDllAddr=0000000076d60000 g_uNtVerCombined=0x611db100
331	1e2c.1c48: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
332	1e2c.1c48: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
333	14f4.22f4: supR3HardNtEnableThreadCreation:
334	1e2c.1c48: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
335	1e2c.1c48: System32: \Device\HarddiskVolume1\Windows\System32
336	1e2c.1c48: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
337	1e2c.1c48: KnownDllPath: C:\Windows\system32
338	1e2c.1c48: supR3HardenedVmProcessInit: Opening vboxdrv stub...
339	1e2c.1c48: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
340	1e2c.1c48: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
341	1e2c.1c48: Registered Dll notification callback with NTDLL.
342	1e2c.1c48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
343	1e2c.1c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
344	1e2c.1c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
345	1e2c.1c48: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
346	1e2c.1c48: supR3HardenedDllNotificationCallback: load 0000000076b40000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
347	1e2c.1c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
348	1e2c.1c48: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
349	1e2c.1c48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
350	1e2c.1c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
351	1e2c.1c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b40000 'C:\Windows\system32\kernel32.dll'
352	1e2c.1c48: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076d8b630 pvNtTerminateThread=0000000076dadee0
353	14f4.22f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 20 ms.
354	1e2c.1c48: \SystemRoot\System32\ntdll.dll:
355	1e2c.1c48: CreationTime: 2016-01-16T13:40:29.643768300Z
356	1e2c.1c48: LastWriteTime: 2016-01-16T13:40:29.643768300Z
357	1e2c.1c48: ChangeTime: 2016-02-26T07:25:44.265625000Z
358	1e2c.1c48: FileAttributes: 0x20
359	1e2c.1c48: Size: 0x1a67c0
360	1e2c.1c48: NT Headers: 0xe0
361	1e2c.1c48: Timestamp: 0x568429e5
362	1e2c.1c48: Machine: 0x8664 - amd64
363	1e2c.1c48: Timestamp: 0x568429e5
364	1e2c.1c48: Image Version: 6.1
365	1e2c.1c48: SizeOfImage: 0x1a9000 (1740800)
366	1e2c.1c48: Resource Dir: 0x14d000 LB 0x5a028
367	1e2c.1c48: ProductName: Microsoft® Windows® Operating System
368	1e2c.1c48: ProductVersion: 6.1.7601.19110
369	1e2c.1c48: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
370	1e2c.1c48: FileDescription: NT Layer DLL
371	1e2c.1c48: \SystemRoot\System32\kernel32.dll:
372	1e2c.1c48: CreationTime: 2016-01-16T13:40:29.659368300Z
373	1e2c.1c48: LastWriteTime: 2016-01-16T13:40:29.659368300Z
374	1e2c.1c48: ChangeTime: 2016-02-26T07:25:41.578125000Z
375	1e2c.1c48: FileAttributes: 0x20
376	1e2c.1c48: Size: 0x11c000
377	1e2c.1c48: NT Headers: 0xe8
378	1e2c.1c48: Timestamp: 0x568429dc
379	1e2c.1c48: Machine: 0x8664 - amd64
380	1e2c.1c48: Timestamp: 0x568429dc
381	1e2c.1c48: Image Version: 6.1
382	1e2c.1c48: SizeOfImage: 0x11f000 (1175552)
383	1e2c.1c48: Resource Dir: 0x116000 LB 0x528
384	1e2c.1c48: ProductName: Microsoft® Windows® Operating System
385	1e2c.1c48: ProductVersion: 6.1.7601.19110
386	1e2c.1c48: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
387	1e2c.1c48: FileDescription: Windows NT BASE API Client DLL
388	1e2c.1c48: \SystemRoot\System32\KernelBase.dll:
389	1e2c.1c48: CreationTime: 2016-01-16T13:40:29.674968400Z
390	1e2c.1c48: LastWriteTime: 2016-01-16T13:40:29.674968400Z
391	1e2c.1c48: ChangeTime: 2016-02-26T07:25:41.484375000Z
392	1e2c.1c48: FileAttributes: 0x20
393	1e2c.1c48: Size: 0x67a00
394	1e2c.1c48: NT Headers: 0xe8
395	1e2c.1c48: Timestamp: 0x568429dd
396	1e2c.1c48: Machine: 0x8664 - amd64
397	1e2c.1c48: Timestamp: 0x568429dd
398	1e2c.1c48: Image Version: 6.1
399	1e2c.1c48: SizeOfImage: 0x6c000 (442368)
400	1e2c.1c48: Resource Dir: 0x6a000 LB 0x530
401	1e2c.1c48: ProductName: Microsoft® Windows® Operating System
402	1e2c.1c48: ProductVersion: 6.1.7601.19110
403	1e2c.1c48: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
404	1e2c.1c48: FileDescription: Windows NT BASE API Client DLL
405	1e2c.1c48: \SystemRoot\System32\apisetschema.dll:
406	1e2c.1c48: CreationTime: 2016-01-16T13:40:29.643768300Z
407	1e2c.1c48: LastWriteTime: 2016-01-16T13:40:29.643768300Z
408	1e2c.1c48: ChangeTime: 2016-02-26T07:25:38.265625000Z
409	1e2c.1c48: FileAttributes: 0x20
410	1e2c.1c48: Size: 0x1a00
411	1e2c.1c48: NT Headers: 0xc0
412	1e2c.1c48: Timestamp: 0x568428c9
413	1e2c.1c48: Machine: 0x8664 - amd64
414	1e2c.1c48: Timestamp: 0x568428c9
415	1e2c.1c48: Image Version: 6.1
416	1e2c.1c48: SizeOfImage: 0x50000 (327680)
417	1e2c.1c48: Resource Dir: 0x30000 LB 0x3f8
418	1e2c.1c48: ProductName: Microsoft® Windows® Operating System
419	1e2c.1c48: ProductVersion: 6.1.7601.19110
420	1e2c.1c48: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
421	1e2c.1c48: FileDescription: ApiSet Schema DLL
422	1e2c.1c48: Found driver inspect (0x800)
423	1e2c.1c48: Found driver cmdHlp (0x800)
424	1e2c.1c48: supR3HardenedWinFindAdversaries: 0x800
425	1e2c.1c48: \SystemRoot\System32\drivers\cmdguard.sys:
426	1e2c.1c48: CreationTime: 2015-11-18T16:14:30.000000000Z
427	1e2c.1c48: LastWriteTime: 2016-03-21T19:19:25.655000000Z
428	1e2c.1c48: ChangeTime: 2016-03-28T15:01:39.195312500Z
429	1e2c.1c48: FileAttributes: 0x2020
430	1e2c.1c48: Size: 0xc9030
431	1e2c.1c48: NT Headers: 0xf0
432	1e2c.1c48: Timestamp: 0x56f03e6a
433	1e2c.1c48: Machine: 0x8664 - amd64
434	1e2c.1c48: Timestamp: 0x56f03e6a
435	1e2c.1c48: Image Version: 6.1
436	1e2c.1c48: SizeOfImage: 0xd2000 (860160)
437	1e2c.1c48: Resource Dir: 0xcf000 LB 0x3e8
438	1e2c.1c48: ProductName: COMODO Internet Security Sandbox Driver
439	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
440	1e2c.1c48: FileVersion: 8, 2, 0, 4978 built by: WinDDK
441	1e2c.1c48: FileDescription: COMODO Internet Security Sandbox Driver
442	1e2c.1c48: \SystemRoot\System32\drivers\cmderd.sys:
443	1e2c.1c48: CreationTime: 2015-11-18T16:14:26.000000000Z
444	1e2c.1c48: LastWriteTime: 2016-03-21T19:19:19.644000000Z
445	1e2c.1c48: ChangeTime: 2016-03-28T15:01:39.195312500Z
446	1e2c.1c48: FileAttributes: 0x2020
447	1e2c.1c48: Size: 0x7ba0
448	1e2c.1c48: NT Headers: 0xe0
449	1e2c.1c48: Timestamp: 0x56f03e38
450	1e2c.1c48: Machine: 0x8664 - amd64
451	1e2c.1c48: Timestamp: 0x56f03e38
452	1e2c.1c48: Image Version: 6.1
453	1e2c.1c48: SizeOfImage: 0x9000 (36864)
454	1e2c.1c48: Resource Dir: 0x7000 LB 0x3f0
455	1e2c.1c48: ProductName: COMODO Internet Security Eradication Driver
456	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
457	1e2c.1c48: FileVersion: 8, 2, 0, 4978 built by: WinDDK
458	1e2c.1c48: FileDescription: COMODO Internet Security Eradication Driver
459	1e2c.1c48: \SystemRoot\System32\drivers\inspect.sys:
460	1e2c.1c48: CreationTime: 2015-08-04T23:31:28.000000000Z
461	1e2c.1c48: LastWriteTime: 2016-03-21T19:19:37.672000000Z
462	1e2c.1c48: ChangeTime: 2016-03-28T15:01:39.234375000Z
463	1e2c.1c48: FileAttributes: 0x2020
464	1e2c.1c48: Size: 0x1c618
465	1e2c.1c48: NT Headers: 0xe0
466	1e2c.1c48: Timestamp: 0x56f03e40
467	1e2c.1c48: Machine: 0x8664 - amd64
468	1e2c.1c48: Timestamp: 0x56f03e40
469	1e2c.1c48: Image Version: 6.1
470	1e2c.1c48: SizeOfImage: 0x1d000 (118784)
471	1e2c.1c48: Resource Dir: 0x1b000 LB 0x3e8
472	1e2c.1c48: ProductName: COMODO Internet Security Firewall Driver
473	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
474	1e2c.1c48: FileVersion: 8, 2, 0, 4978 built by: WinDDK
475	1e2c.1c48: FileDescription: COMODO Internet Security Firewall Driver
476	1e2c.1c48: \SystemRoot\System32\drivers\cmdhlp.sys:
477	1e2c.1c48: CreationTime: 2015-08-04T23:31:26.000000000Z
478	1e2c.1c48: LastWriteTime: 2016-03-21T19:19:31.664000000Z
479	1e2c.1c48: ChangeTime: 2016-03-28T15:01:39.196289000Z
480	1e2c.1c48: FileAttributes: 0x2020
481	1e2c.1c48: Size: 0xdc90
482	1e2c.1c48: NT Headers: 0xe8
483	1e2c.1c48: Timestamp: 0x56f03e4b
484	1e2c.1c48: Machine: 0x8664 - amd64
485	1e2c.1c48: Timestamp: 0x56f03e4b
486	1e2c.1c48: Image Version: 6.1
487	1e2c.1c48: SizeOfImage: 0xd000 (53248)
488	1e2c.1c48: Resource Dir: 0xc000 LB 0x3e0
489	1e2c.1c48: ProductName: COMODO Internet Security Helper Driver
490	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
491	1e2c.1c48: FileVersion: 8, 2, 0, 4978 built by: WinDDK
492	1e2c.1c48: FileDescription: COMODO Internet Security Helper Driver
493	1e2c.1c48: \SystemRoot\System32\guard64.dll:
494	1e2c.1c48: CreationTime: 2015-09-03T10:52:02.000000000Z
495	1e2c.1c48: LastWriteTime: 2016-03-21T19:17:19.458000000Z
496	1e2c.1c48: ChangeTime: 2016-03-28T15:01:33.421875000Z
497	1e2c.1c48: FileAttributes: 0x2020
498	1e2c.1c48: Size: 0x91908
499	1e2c.1c48: NT Headers: 0x118
500	1e2c.1c48: Timestamp: 0x56f03e9b
501	1e2c.1c48: Machine: 0x8664 - amd64
502	1e2c.1c48: Timestamp: 0x56f03e9b
503	1e2c.1c48: Image Version: 0.0
504	1e2c.1c48: SizeOfImage: 0x96000 (614400)
505	1e2c.1c48: Resource Dir: 0x93000 LB 0xd80
506	1e2c.1c48: ProductName: COMODO Internet Security
507	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
508	1e2c.1c48: FileVersion: 8, 2, 0, 4978
509	1e2c.1c48: FileDescription: COMODO Internet Security
510	1e2c.1c48: \SystemRoot\System32\cmdvrt64.dll:
511	1e2c.1c48: CreationTime: 2015-08-04T23:28:52.000000000Z
512	1e2c.1c48: LastWriteTime: 2016-03-21T19:15:25.273000000Z
513	1e2c.1c48: ChangeTime: 2016-03-28T15:01:33.190429600Z
514	1e2c.1c48: FileAttributes: 0x2020
515	1e2c.1c48: Size: 0x592b8
516	1e2c.1c48: NT Headers: 0x100
517	1e2c.1c48: Timestamp: 0x56f03e9d
518	1e2c.1c48: Machine: 0x8664 - amd64
519	1e2c.1c48: Timestamp: 0x56f03e9d
520	1e2c.1c48: Image Version: 0.0
521	1e2c.1c48: SizeOfImage: 0x5d000 (380928)
522	1e2c.1c48: Resource Dir: 0x5b000 LB 0x5ac
523	1e2c.1c48: ProductName: COMODO Internet Security
524	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
525	1e2c.1c48: FileVersion: 8, 2, 0, 4978
526	1e2c.1c48: FileDescription: COMODO Internet Security
527	1e2c.1c48: \SystemRoot\System32\cmdkbd64.dll:
528	1e2c.1c48: CreationTime: 2015-08-04T23:28:22.000000000Z
529	1e2c.1c48: LastWriteTime: 2016-03-21T19:14:31.191000000Z
530	1e2c.1c48: ChangeTime: 2016-03-28T15:01:33.189453100Z
531	1e2c.1c48: FileAttributes: 0x2020
532	1e2c.1c48: Size: 0xcab8
533	1e2c.1c48: NT Headers: 0xe8
534	1e2c.1c48: Timestamp: 0x56f03e93
535	1e2c.1c48: Machine: 0x8664 - amd64
536	1e2c.1c48: Timestamp: 0x56f03e93
537	1e2c.1c48: Image Version: 0.0
538	1e2c.1c48: SizeOfImage: 0xf000 (61440)
539	1e2c.1c48: Resource Dir: 0xd000 LB 0x5ac
540	1e2c.1c48: ProductName: COMODO Internet Security
541	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
542	1e2c.1c48: FileVersion: 8, 2, 0, 4978
543	1e2c.1c48: FileDescription: COMODO Internet Security
544	1e2c.1c48: \SystemRoot\System32\cmdcsr.dll:
545	1e2c.1c48: CreationTime: 2015-08-04T23:29:58.000000000Z
546	1e2c.1c48: LastWriteTime: 2016-03-21T19:17:37.482000000Z
547	1e2c.1c48: ChangeTime: 2016-03-28T15:01:33.188476500Z
548	1e2c.1c48: FileAttributes: 0x2020
549	1e2c.1c48: Size: 0xca58
550	1e2c.1c48: NT Headers: 0xd8
551	1e2c.1c48: Timestamp: 0x56f03e90
552	1e2c.1c48: Machine: 0x8664 - amd64
553	1e2c.1c48: Timestamp: 0x56f03e90
554	1e2c.1c48: Image Version: 0.0
555	1e2c.1c48: SizeOfImage: 0xc000 (49152)
556	1e2c.1c48: Resource Dir: 0xa000 LB 0x4a8
557	1e2c.1c48: ProductName: COMODO Internet Security
558	1e2c.1c48: ProductVersion: 8, 2, 0, 4978
559	1e2c.1c48: FileVersion: 8, 2, 0, 4978
560	1e2c.1c48: FileDescription: COMODO Internet Security
561	1e2c.1c48: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
562	1e2c.1c48: Calling main()
563	1e2c.1c48: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
564	1e2c.1c48: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
565	1e2c.1c48: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
566	1e2c.1c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
567	1e2c.1c48: SUPR3HardenedMain: Respawn #2
568	1e2c.1c48: supR3HardNtEnableThreadCreation:
569	1e2c.1c48: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
570	1e2c.1c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
571	1e2c.1c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
572	1e2c.1c48: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
573	1e2c.1c48: supR3HardenedDllNotificationCallback: load 000007fefc910000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
574	1e2c.1c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
575	1e2c.1c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc910000 'C:\Windows\system32\apphelp.dll'
576	1e2c.1c48: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076d8b630 pvNtTerminateThread=0000000076dadee0
577	1e2c.1c48: supR3HardenedWinDoReSpawn(2): New child 2140.19c8 [kernel32].
578	1e2c.1c48: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
579	1e2c.1c48: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076d60000 uNtDllChildAddr=0000000076d60000
580	1e2c.1c48: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076d8b630
581	1e2c.1c48: supR3HardenedWinSetupChildInit: Start child.
582	1e2c.1c48: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
583	1e2c.1c48: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 59 sleeps
584	1e2c.1c48: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
585	1e2c.1c48: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
586	1e2c.1c48: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
587	1e2c.1c48: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
588	1e2c.1c48: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
589	1e2c.1c48: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
590	1e2c.1c48: 0000000000041000-fffffffffff71fff 0x0001/0x0000 0x0000000
591	1e2c.1c48: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
592	1e2c.1c48: 000000000020c000-0000000000208fff 0x0104/0x0004 0x0020000
593	1e2c.1c48: 000000000020f000-000000000020dfff 0x0004/0x0004 0x0020000
594	1e2c.1c48: 0000000000210000-ffffffff896bffff 0x0001/0x0000 0x0000000
595	1e2c.1c48: *0000000076d60000-0000000076d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
596	1e2c.1c48: 0000000076d61000-0000000076e5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
597	1e2c.1c48: 0000000076e5f000-0000000076e8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
598	1e2c.1c48: 0000000076e8e000-0000000076e95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
599	1e2c.1c48: 0000000076e96000-0000000076e96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
600	1e2c.1c48: 0000000076e97000-0000000076e99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
601	1e2c.1c48: 0000000076e9a000-0000000076f08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
602	1e2c.1c48: 0000000076f09000-000000006ee41fff 0x0001/0x0000 0x0000000
603	1e2c.1c48: *000000007efd0000-000000007efbffff 0x0040/0x0040 0x0020000 !!
604	1e2c.1c48: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000007efd0000 (LB 0x10000, 000000007efd0000 LB 0x10000)
605	1e2c.1c48: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000007efd0000/000000007efd0000 LB 0/0x10000]
606	1e2c.1c48: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000007efd0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
607	1e2c.1c48: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
608	1e2c.1c48: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
609	1e2c.1c48: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
610	1e2c.1c48: 000000007fff0000-ffffffffc0d1ffff 0x0001/0x0000 0x0000000
611	1e2c.1c48: *000000013f2c0000-000000013f2c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
612	1e2c.1c48: 000000013f2c1000-000000013f347fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
613	1e2c.1c48: 000000013f348000-000000013f348fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
614	1e2c.1c48: 000000013f349000-000000013f393fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
615	1e2c.1c48: 000000013f394000-000000013f394fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
616	1e2c.1c48: 000000013f395000-000000013f395fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
617	1e2c.1c48: 000000013f396000-000000013f39afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
618	1e2c.1c48: 000000013f39b000-000000013f39bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
619	1e2c.1c48: 000000013f39c000-000000013f39cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
620	1e2c.1c48: 000000013f39d000-000000013f3a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
621	1e2c.1c48: 000000013f3a1000-000000013f3ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
622	1e2c.1c48: 000000013f3ec000-fffff8037f757fff 0x0001/0x0000 0x0000000
623	1e2c.1c48: *000007feff080000-000007feff080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
624	1e2c.1c48: 000007feff081000-000007fdfe151fff 0x0001/0x0000 0x0000000
625	1e2c.1c48: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
626	1e2c.1c48: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
627	1e2c.1c48: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
628	1e2c.1c48: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
629	1e2c.1c48: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
630	1e2c.1c48: apisetschema.dll: timestamp 0x568428c9 (rc=VINF_SUCCESS)
631	1e2c.1c48: VirtualBox.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
632	1e2c.1c48: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
633	1e2c.1c48: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
634	1e2c.1c48: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
635	1e2c.1c48: ntdll.dll: Differences in section #1 (.text) between file and memory:
636	1e2c.1c48: 0000000076daf1c0 / 0x004f1c0: 4c != e9
637	1e2c.1c48: 0000000076daf1c1 / 0x004f1c1: 8b != 3b
638	1e2c.1c48: 0000000076daf1c2 / 0x004f1c2: d1 != 0e
639	1e2c.1c48: 0000000076daf1c3 / 0x004f1c3: b8 != 22
640	1e2c.1c48: 0000000076daf1c4 / 0x004f1c4: 7e != 08
641	1e2c.1c48: Restored 0x2000 bytes of original file content at 0000000076dad63e
642	1e2c.1c48: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x800 cPatchCount=0
643	1e2c.1c48: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 59 sleeps
644	1e2c.1c48: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
645	1e2c.1c48: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
646	1e2c.1c48: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
647	1e2c.1c48: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
648	1e2c.1c48: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
649	1e2c.1c48: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
650	1e2c.1c48: 0000000000041000-fffffffffff71fff 0x0001/0x0000 0x0000000
651	1e2c.1c48: *0000000000110000-0000000000013fff 0x0000/0x0004 0x0020000
652	1e2c.1c48: 000000000020c000-0000000000208fff 0x0104/0x0004 0x0020000
653	1e2c.1c48: 000000000020f000-000000000020dfff 0x0004/0x0004 0x0020000
654	1e2c.1c48: 0000000000210000-ffffffff896bffff 0x0001/0x0000 0x0000000
655	1e2c.1c48: *0000000076d60000-0000000076d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
656	1e2c.1c48: 0000000076d61000-0000000076e5efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
657	1e2c.1c48: 0000000076e5f000-0000000076e8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
658	1e2c.1c48: 0000000076e8e000-0000000076e95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
659	1e2c.1c48: 0000000076e96000-0000000076e96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
660	1e2c.1c48: 0000000076e97000-0000000076e97fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
661	1e2c.1c48: 0000000076e98000-0000000076e99fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
662	1e2c.1c48: 0000000076e9a000-0000000076f08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
663	1e2c.1c48: 0000000076f09000-000000006ee31fff 0x0001/0x0000 0x0000000
664	1e2c.1c48: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
665	1e2c.1c48: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
666	1e2c.1c48: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
667	1e2c.1c48: 000000007fff0000-ffffffffc0d1ffff 0x0001/0x0000 0x0000000
668	1e2c.1c48: *000000013f2c0000-000000013f2c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
669	1e2c.1c48: 000000013f2c1000-000000013f347fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
670	1e2c.1c48: 000000013f348000-000000013f348fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
671	1e2c.1c48: 000000013f349000-000000013f393fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
672	1e2c.1c48: 000000013f394000-000000013f3a0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
673	1e2c.1c48: 000000013f3a1000-000000013f3ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
674	1e2c.1c48: 000000013f3ec000-fffff8037f757fff 0x0001/0x0000 0x0000000
675	1e2c.1c48: *000007feff080000-000007feff080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
676	1e2c.1c48: 000007feff081000-000007fdfe151fff 0x0001/0x0000 0x0000000
677	1e2c.1c48: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
678	1e2c.1c48: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
679	1e2c.1c48: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
680	1e2c.1c48: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
681	1e2c.1c48: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
682	1e2c.1c48: supR3HardNtChildPurify: Done after 1341 ms and 2 fixes (loop #1).
683	2140.19c8: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
684	2140.19c8: supR3HardenedVmProcessInit: uNtDllAddr=0000000076d60000 g_uNtVerCombined=0x611db100
685	2140.19c8: ntdll.dll: timestamp 0x568429e5 (rc=VINF_SUCCESS)
686	2140.19c8: New simple heap: #1 0000000000310000 LB 0x400000 (for 1740800 allocation)
687	1e2c.1c48: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
688	1e2c.1c48: supR3HardNtEnableThreadCreation:
689	2140.19c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
690	2140.19c8: System32: \Device\HarddiskVolume1\Windows\System32
691	2140.19c8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
692	2140.19c8: KnownDllPath: C:\Windows\system32
693	2140.19c8: supR3HardenedVmProcessInit: Opening vboxdrv...
694	2140.19c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
695	2140.19c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
696	2140.19c8: Registered Dll notification callback with NTDLL.
697	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
698	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
699	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
700	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
701	2140.19c8: supR3HardenedDllNotificationCallback: load 0000000076b40000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
702	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
703	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
704	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
705	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
706	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b40000 'C:\Windows\system32\kernel32.dll'
707	2140.19c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076d8b630 pvNtTerminateThread=0000000076dadee0
708	1e2c.1c48: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 26 ms.
709	2140.19c8: \SystemRoot\System32\ntdll.dll:
710	2140.19c8: CreationTime: 2016-01-16T13:40:29.643768300Z
711	2140.19c8: LastWriteTime: 2016-01-16T13:40:29.643768300Z
712	2140.19c8: ChangeTime: 2016-02-26T07:25:44.265625000Z
713	2140.19c8: FileAttributes: 0x20
714	2140.19c8: Size: 0x1a67c0
715	2140.19c8: NT Headers: 0xe0
716	2140.19c8: Timestamp: 0x568429e5
717	2140.19c8: Machine: 0x8664 - amd64
718	2140.19c8: Timestamp: 0x568429e5
719	2140.19c8: Image Version: 6.1
720	2140.19c8: SizeOfImage: 0x1a9000 (1740800)
721	2140.19c8: Resource Dir: 0x14d000 LB 0x5a028
722	2140.19c8: ProductName: Microsoft® Windows® Operating System
723	2140.19c8: ProductVersion: 6.1.7601.19110
724	2140.19c8: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
725	2140.19c8: FileDescription: NT Layer DLL
726	2140.19c8: \SystemRoot\System32\kernel32.dll:
727	2140.19c8: CreationTime: 2016-01-16T13:40:29.659368300Z
728	2140.19c8: LastWriteTime: 2016-01-16T13:40:29.659368300Z
729	2140.19c8: ChangeTime: 2016-02-26T07:25:41.578125000Z
730	2140.19c8: FileAttributes: 0x20
731	2140.19c8: Size: 0x11c000
732	2140.19c8: NT Headers: 0xe8
733	2140.19c8: Timestamp: 0x568429dc
734	2140.19c8: Machine: 0x8664 - amd64
735	2140.19c8: Timestamp: 0x568429dc
736	2140.19c8: Image Version: 6.1
737	2140.19c8: SizeOfImage: 0x11f000 (1175552)
738	2140.19c8: Resource Dir: 0x116000 LB 0x528
739	2140.19c8: ProductName: Microsoft® Windows® Operating System
740	2140.19c8: ProductVersion: 6.1.7601.19110
741	2140.19c8: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
742	2140.19c8: FileDescription: Windows NT BASE API Client DLL
743	2140.19c8: \SystemRoot\System32\KernelBase.dll:
744	2140.19c8: CreationTime: 2016-01-16T13:40:29.674968400Z
745	2140.19c8: LastWriteTime: 2016-01-16T13:40:29.674968400Z
746	2140.19c8: ChangeTime: 2016-02-26T07:25:41.484375000Z
747	2140.19c8: FileAttributes: 0x20
748	2140.19c8: Size: 0x67a00
749	2140.19c8: NT Headers: 0xe8
750	2140.19c8: Timestamp: 0x568429dd
751	2140.19c8: Machine: 0x8664 - amd64
752	2140.19c8: Timestamp: 0x568429dd
753	2140.19c8: Image Version: 6.1
754	2140.19c8: SizeOfImage: 0x6c000 (442368)
755	2140.19c8: Resource Dir: 0x6a000 LB 0x530
756	2140.19c8: ProductName: Microsoft® Windows® Operating System
757	2140.19c8: ProductVersion: 6.1.7601.19110
758	2140.19c8: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
759	2140.19c8: FileDescription: Windows NT BASE API Client DLL
760	2140.19c8: \SystemRoot\System32\apisetschema.dll:
761	2140.19c8: CreationTime: 2016-01-16T13:40:29.643768300Z
762	2140.19c8: LastWriteTime: 2016-01-16T13:40:29.643768300Z
763	2140.19c8: ChangeTime: 2016-02-26T07:25:38.265625000Z
764	2140.19c8: FileAttributes: 0x20
765	2140.19c8: Size: 0x1a00
766	2140.19c8: NT Headers: 0xc0
767	2140.19c8: Timestamp: 0x568428c9
768	2140.19c8: Machine: 0x8664 - amd64
769	2140.19c8: Timestamp: 0x568428c9
770	2140.19c8: Image Version: 6.1
771	2140.19c8: SizeOfImage: 0x50000 (327680)
772	2140.19c8: Resource Dir: 0x30000 LB 0x3f8
773	2140.19c8: ProductName: Microsoft® Windows® Operating System
774	2140.19c8: ProductVersion: 6.1.7601.19110
775	2140.19c8: FileVersion: 6.1.7601.19110 (win7sp1_gdr.151230-0600)
776	2140.19c8: FileDescription: ApiSet Schema DLL
777	2140.19c8: Found driver inspect (0x800)
778	2140.19c8: Found driver cmdHlp (0x800)
779	2140.19c8: supR3HardenedWinFindAdversaries: 0x800
780	2140.19c8: \SystemRoot\System32\drivers\cmdguard.sys:
781	2140.19c8: CreationTime: 2015-11-18T16:14:30.000000000Z
782	2140.19c8: LastWriteTime: 2016-03-21T19:19:25.655000000Z
783	2140.19c8: ChangeTime: 2016-03-28T15:01:39.195312500Z
784	2140.19c8: FileAttributes: 0x2020
785	2140.19c8: Size: 0xc9030
786	2140.19c8: NT Headers: 0xf0
787	2140.19c8: Timestamp: 0x56f03e6a
788	2140.19c8: Machine: 0x8664 - amd64
789	2140.19c8: Timestamp: 0x56f03e6a
790	2140.19c8: Image Version: 6.1
791	2140.19c8: SizeOfImage: 0xd2000 (860160)
792	2140.19c8: Resource Dir: 0xcf000 LB 0x3e8
793	2140.19c8: ProductName: COMODO Internet Security Sandbox Driver
794	2140.19c8: ProductVersion: 8, 2, 0, 4978
795	2140.19c8: FileVersion: 8, 2, 0, 4978 built by: WinDDK
796	2140.19c8: FileDescription: COMODO Internet Security Sandbox Driver
797	2140.19c8: \SystemRoot\System32\drivers\cmderd.sys:
798	2140.19c8: CreationTime: 2015-11-18T16:14:26.000000000Z
799	2140.19c8: LastWriteTime: 2016-03-21T19:19:19.644000000Z
800	2140.19c8: ChangeTime: 2016-03-28T15:01:39.195312500Z
801	2140.19c8: FileAttributes: 0x2020
802	2140.19c8: Size: 0x7ba0
803	2140.19c8: NT Headers: 0xe0
804	2140.19c8: Timestamp: 0x56f03e38
805	2140.19c8: Machine: 0x8664 - amd64
806	2140.19c8: Timestamp: 0x56f03e38
807	2140.19c8: Image Version: 6.1
808	2140.19c8: SizeOfImage: 0x9000 (36864)
809	2140.19c8: Resource Dir: 0x7000 LB 0x3f0
810	2140.19c8: ProductName: COMODO Internet Security Eradication Driver
811	2140.19c8: ProductVersion: 8, 2, 0, 4978
812	2140.19c8: FileVersion: 8, 2, 0, 4978 built by: WinDDK
813	2140.19c8: FileDescription: COMODO Internet Security Eradication Driver
814	2140.19c8: \SystemRoot\System32\drivers\inspect.sys:
815	2140.19c8: CreationTime: 2015-08-04T23:31:28.000000000Z
816	2140.19c8: LastWriteTime: 2016-03-21T19:19:37.672000000Z
817	2140.19c8: ChangeTime: 2016-03-28T15:01:39.234375000Z
818	2140.19c8: FileAttributes: 0x2020
819	2140.19c8: Size: 0x1c618
820	2140.19c8: NT Headers: 0xe0
821	2140.19c8: Timestamp: 0x56f03e40
822	2140.19c8: Machine: 0x8664 - amd64
823	2140.19c8: Timestamp: 0x56f03e40
824	2140.19c8: Image Version: 6.1
825	2140.19c8: SizeOfImage: 0x1d000 (118784)
826	2140.19c8: Resource Dir: 0x1b000 LB 0x3e8
827	2140.19c8: ProductName: COMODO Internet Security Firewall Driver
828	2140.19c8: ProductVersion: 8, 2, 0, 4978
829	2140.19c8: FileVersion: 8, 2, 0, 4978 built by: WinDDK
830	2140.19c8: FileDescription: COMODO Internet Security Firewall Driver
831	2140.19c8: \SystemRoot\System32\drivers\cmdhlp.sys:
832	2140.19c8: CreationTime: 2015-08-04T23:31:26.000000000Z
833	2140.19c8: LastWriteTime: 2016-03-21T19:19:31.664000000Z
834	2140.19c8: ChangeTime: 2016-03-28T15:01:39.196289000Z
835	2140.19c8: FileAttributes: 0x2020
836	2140.19c8: Size: 0xdc90
837	2140.19c8: NT Headers: 0xe8
838	2140.19c8: Timestamp: 0x56f03e4b
839	2140.19c8: Machine: 0x8664 - amd64
840	2140.19c8: Timestamp: 0x56f03e4b
841	2140.19c8: Image Version: 6.1
842	2140.19c8: SizeOfImage: 0xd000 (53248)
843	2140.19c8: Resource Dir: 0xc000 LB 0x3e0
844	2140.19c8: ProductName: COMODO Internet Security Helper Driver
845	2140.19c8: ProductVersion: 8, 2, 0, 4978
846	2140.19c8: FileVersion: 8, 2, 0, 4978 built by: WinDDK
847	2140.19c8: FileDescription: COMODO Internet Security Helper Driver
848	2140.19c8: \SystemRoot\System32\guard64.dll:
849	2140.19c8: CreationTime: 2015-09-03T10:52:02.000000000Z
850	2140.19c8: LastWriteTime: 2016-03-21T19:17:19.458000000Z
851	2140.19c8: ChangeTime: 2016-03-28T15:01:33.421875000Z
852	2140.19c8: FileAttributes: 0x2020
853	2140.19c8: Size: 0x91908
854	2140.19c8: NT Headers: 0x118
855	2140.19c8: Timestamp: 0x56f03e9b
856	2140.19c8: Machine: 0x8664 - amd64
857	2140.19c8: Timestamp: 0x56f03e9b
858	2140.19c8: Image Version: 0.0
859	2140.19c8: SizeOfImage: 0x96000 (614400)
860	2140.19c8: Resource Dir: 0x93000 LB 0xd80
861	2140.19c8: ProductName: COMODO Internet Security
862	2140.19c8: ProductVersion: 8, 2, 0, 4978
863	2140.19c8: FileVersion: 8, 2, 0, 4978
864	2140.19c8: FileDescription: COMODO Internet Security
865	2140.19c8: \SystemRoot\System32\cmdvrt64.dll:
866	2140.19c8: CreationTime: 2015-08-04T23:28:52.000000000Z
867	2140.19c8: LastWriteTime: 2016-03-21T19:15:25.273000000Z
868	2140.19c8: ChangeTime: 2016-03-28T15:01:33.190429600Z
869	2140.19c8: FileAttributes: 0x2020
870	2140.19c8: Size: 0x592b8
871	2140.19c8: NT Headers: 0x100
872	2140.19c8: Timestamp: 0x56f03e9d
873	2140.19c8: Machine: 0x8664 - amd64
874	2140.19c8: Timestamp: 0x56f03e9d
875	2140.19c8: Image Version: 0.0
876	2140.19c8: SizeOfImage: 0x5d000 (380928)
877	2140.19c8: Resource Dir: 0x5b000 LB 0x5ac
878	2140.19c8: ProductName: COMODO Internet Security
879	2140.19c8: ProductVersion: 8, 2, 0, 4978
880	2140.19c8: FileVersion: 8, 2, 0, 4978
881	2140.19c8: FileDescription: COMODO Internet Security
882	2140.19c8: \SystemRoot\System32\cmdkbd64.dll:
883	2140.19c8: CreationTime: 2015-08-04T23:28:22.000000000Z
884	2140.19c8: LastWriteTime: 2016-03-21T19:14:31.191000000Z
885	2140.19c8: ChangeTime: 2016-03-28T15:01:33.189453100Z
886	2140.19c8: FileAttributes: 0x2020
887	2140.19c8: Size: 0xcab8
888	2140.19c8: NT Headers: 0xe8
889	2140.19c8: Timestamp: 0x56f03e93
890	2140.19c8: Machine: 0x8664 - amd64
891	2140.19c8: Timestamp: 0x56f03e93
892	2140.19c8: Image Version: 0.0
893	2140.19c8: SizeOfImage: 0xf000 (61440)
894	2140.19c8: Resource Dir: 0xd000 LB 0x5ac
895	2140.19c8: ProductName: COMODO Internet Security
896	2140.19c8: ProductVersion: 8, 2, 0, 4978
897	2140.19c8: FileVersion: 8, 2, 0, 4978
898	2140.19c8: FileDescription: COMODO Internet Security
899	2140.19c8: \SystemRoot\System32\cmdcsr.dll:
900	2140.19c8: CreationTime: 2015-08-04T23:29:58.000000000Z
901	2140.19c8: LastWriteTime: 2016-03-21T19:17:37.482000000Z
902	2140.19c8: ChangeTime: 2016-03-28T15:01:33.188476500Z
903	2140.19c8: FileAttributes: 0x2020
904	2140.19c8: Size: 0xca58
905	2140.19c8: NT Headers: 0xd8
906	2140.19c8: Timestamp: 0x56f03e90
907	2140.19c8: Machine: 0x8664 - amd64
908	2140.19c8: Timestamp: 0x56f03e90
909	2140.19c8: Image Version: 0.0
910	2140.19c8: SizeOfImage: 0xc000 (49152)
911	2140.19c8: Resource Dir: 0xa000 LB 0x4a8
912	2140.19c8: ProductName: COMODO Internet Security
913	2140.19c8: ProductVersion: 8, 2, 0, 4978
914	2140.19c8: FileVersion: 8, 2, 0, 4978
915	2140.19c8: FileDescription: COMODO Internet Security
916	2140.19c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
917	2140.19c8: Calling main()
918	2140.19c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
919	2140.19c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
920	2140.19c8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
921	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
922	2140.19c8: SUPR3HardenedMain: Final process, opening VBoxDrv...
923	2140.19c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
924	2140.19c8: supR3HardNtEnableThreadCreation:
925	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
926	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
927	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3df0:C:\Windows\system32 [calling]
928	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
929	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef6e20000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
930	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
931	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
932	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
933	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6e20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
934	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
935	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
936	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6e20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
937	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6e20000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
938	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
939	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
940	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
941	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
942	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
943	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
944	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
945	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
946	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
947	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
948	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
949	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
950	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
951	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
952	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
953	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
954	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
955	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
956	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
957	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
958	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
959	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
960	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
961	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
962	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
963	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
964	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
965	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
966	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
967	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
968	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3df0:C:\Windows\system32 [calling]
969	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
970	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcb70000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
971	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
972	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd360000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
973	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
974	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcc40000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
975	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
976	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcb00000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
977	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
978	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcfa0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
979	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
980	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\Wintrust.dll'
981	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
982	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
983	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008290a0:C:\Windows\system32 [calling]
984	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
985	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
986	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
987	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\bcrypt.dll'
988	2140.19c8: bcrypt.dll loaded at 000007fefc3a0000, BCryptOpenAlgorithmProvider at 000007fefc3a2640, preloading providers:
989	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
990	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
991	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
992	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
993	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
994	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
995	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
996	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
997	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
998	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
999	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1000	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
1001	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1002	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1003	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1004	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1005	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1006	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1007	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1008	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1009	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1010	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefbe70000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
1011	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1012	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefdad0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
1013	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1014	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1015	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
1016	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
1017	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
1018	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefee40000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
1019	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1020	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe70000 'C:\Windows\system32\bcryptprimitives.dll'
1021	2140.19c8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000082a6a0)
1022	2140.19c8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000082d6c0)
1023	2140.19c8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000082d7e0)
1024	2140.19c8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000082d9f0)
1025	2140.19c8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000082db10)
1026	2140.19c8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000082dc30)
1027	2140.19c8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000082de70)
1028	2140.19c8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000082df90)
1029	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
1030	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
1031	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1032	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1033	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1034	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1035	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1036	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1037	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1038	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1039	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefc230000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
1040	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1041	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc230000 'C:\Windows\system32\CRYPTSP.dll'
1042	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1043	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
1044	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
1045	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1046	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1047	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1048	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1049	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1050	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefbf30000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
1051	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1052	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf30000 'C:\Windows\system32\rsaenh.dll'
1053	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1054	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1055	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\ADVAPI32.dll'
1056	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
1057	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1058	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1059	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1060	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefc970000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
1061	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1062	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc970000 'C:\Windows\system32\CRYPTBASE.dll'
1063	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1064	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1065	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b40000 'C:\Windows\system32\kernel32.dll'
1066	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1067	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1068	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\WINTRUST.DLL'
1069	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1070	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1071	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\CRYPT32.dll'
1072	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1073	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
1074	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
1075	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
1076	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1077	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1078	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1079	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1080	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1081	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1082	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1083	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1084	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefef70000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
1085	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1086	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef70000 'C:\Windows\system32\imagehlp.dll'
1087	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1088	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1089	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc230000 'C:\Windows\system32\CRYPTSP.dll'
1090	2140.19c8: \Device\HarddiskVolume1\Windows\System32\user32.dll: Owner is administrators group.
1091	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1092	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
1093	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
1094	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1095	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1096	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1097	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
1098	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
1099	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1100	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
1101	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
1102	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1103	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1104	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
1105	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
1106	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
1107	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1108	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1109	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1110	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
1111	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
1112	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1113	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1114	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1115	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
1116	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
1117	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1118	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1119	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1120	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1121	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1122	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1123	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1124	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1125	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1126	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1127	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1128	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1129	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1130	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1131	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1132	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1133	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1134	2140.19c8: supR3HardenedDllNotificationCallback: load 0000000076c60000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1135	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1136	2140.19c8: supR3HardenedDllNotificationCallback: load 000007feff000000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1137	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1138	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
1139	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
1140	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd520000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
1141	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
1142	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1143	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1144	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff000000 'C:\Windows\system32\gdi32.dll'
1145	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1146	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1147	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
1148	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
1149	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
1150	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1151	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1152	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1153	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1154	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1155	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
1156	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
1157	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
1158	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1159	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1160	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1161	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1162	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1163	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1164	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1165	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1166	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1167	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1168	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1169	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1170	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1171	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1172	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1173	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1174	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1175	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1176	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1177	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1178	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
1179	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1180	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefee60000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1181	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
1182	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\IMM32.DLL'
1183	2140.19c8: \Device\HarddiskVolume1\Program Files (x86)\KeyCryptSDK: Owner is administrators group.
1184	2140.19c8: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume1\Program Files (x86)\KeyCryptSDK潎敮漠⁦桴⁥‱慰桴猨
1185	慨敶愠琠畲瑳愠据潨⹲›䑜癥捩履慈摲楤歳潖畬敭就牐杯慲⁭楆敬⁳砨㘸尩敋䍹祲瑰䑓躽闦ꂼ臢뒡臢놀藦뒡賧ꦀ藦뚕蓦ꂐ闧뎑蓦꺍뷦늹胢º)
1186	2140.19c8: Error (rc=0):
1187	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\KeyCryptSDK潎敮漠⁦桴⁥‱慰桴猨
1188	慨敶愠琠畲瑳愠据潨⹲›䑜癥捩履慈摲楤歳潖畬敭就牐杯慲⁭楆敬⁳砨㘸尩敋䍹祲瑰䑓躽闦ꂼ臢뒡臢놀藦뒡賧ꦀ藦뚕蓦ꂐ闧뎑蓦꺍뷦늹胢º: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume1\Program Files (x86)\KeyCryptSDK潎敮漠⁦桴⁥‱慰桴猨
1189	慨敶愠琠畲瑳愠据潨⹲›
1190	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\KeyCryptSDK潎敮漠⁦桴⁥‱慰桴猨
1191	慨敶愠琠畲瑳愠据潨⹲›䑜癥捩履慈摲楤歳潖畬敭就牐杯慲⁭楆敬⁳砨㘸尩敋䍹祲瑰䑓躽闦ꂼ臢뒡臢놀藦뒡賧ꦀ藦뚕蓦ꂐ闧뎑蓦꺍뷦늹胢º
1192	2140.19c8: Error (rc=0):
1193	2140.19c8: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL' (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL): rcNt=0xc0000190
1194	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL'
1195	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c60000 'C:\Windows\system32\USER32.dll'
1196	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1197	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1198	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1199	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
1200	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
1201	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1202	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1203	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1204	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1205	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1206	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1207	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1208	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1209	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1210	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1211	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1212	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefc3d0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
1213	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1214	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3d0000 'C:\Windows\system32\ncrypt.dll'
1215	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1216	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1217	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\bcrypt.dll'
1218	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1219	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1220	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1221	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
1222	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
1223	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1224	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1225	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1226	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
1227	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
1228	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1229	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1230	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1231	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1232	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1233	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1234	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1235	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1236	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1237	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1238	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1239	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcb40000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1240	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1241	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcb10000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1242	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1243	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb40000 'C:\Windows\system32\USERENV.dll'
1244	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1245	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1246	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1247	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1248	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1249	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1250	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
1251	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
1252	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1253	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1254	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1255	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1256	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1257	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1259	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1260	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefbcc0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1261	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1262	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\system32\GPAPI.dll'
1263	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1264	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1265	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1266	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1267	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfa0000 'C:\Windows\system32\rpcrt4.dll'
1268	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1269	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1270	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1271	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1272	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1273	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1274	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1275	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1276	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
1277	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1278	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1279	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1280	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1281	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
1282	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1283	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1284	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1285	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1286	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1287	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1288	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1289	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1290	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1291	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1292	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1293	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1294	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1295	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1296	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1297	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefaab0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1298	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1299	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefef90000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1300	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1301	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1302	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1303	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1304	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1305	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1306	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1307	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1308	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1309	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1310	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1311	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1312	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1313	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1314	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1315	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1316	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1317	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1318	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1319	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1320	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1321	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1322	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1323	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1324	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1325	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1326	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1327	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1328	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1329	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1330	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1331	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\cryptnet.dll'
1332	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1333	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1334	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1335	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1336	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb10000 'C:\Windows\system32\profapi.dll'
1337	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1338	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1339	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1340	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
1341	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1342	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1343	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1344	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1345	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1346	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1347	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1348	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1349	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1350	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1351	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1352	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1353	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1354	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1355	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\SHLWAPI.dll'
1356	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1357	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008b58e0
1358	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1359	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=99113493CCEA6CE03AD58304FCE46D35B665BC85
1360	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1361	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1362	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1363	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1364	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1365	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1366	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1367	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1368	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\ADVAPI32.dll'
1369	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1370	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1371	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1372	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1373	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
1374	2140.19c8: g_pfnWinVerifyTrust=000007fefcb71010
1375	2140.19c8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1376	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
1377	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1378	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1379	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
1380	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1381	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1382	2140.19c8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1383	2140.19c8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1384	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
1385	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1386	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1387	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
1388	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1389	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1390	2140.19c8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1391	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1392	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1393	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1394	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1395	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1396	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1397	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1398	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1399	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1400	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1401	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1402	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1403	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1404	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1405	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1406	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1407	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1408	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
1409	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1410	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1411	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1412	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000264 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
1413	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1414	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1415	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1416	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1417	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1418	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1419	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
1420	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1421	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1422	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1423	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1424	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1425	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1426	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
1427	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1428	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1429	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1430	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1431	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1432	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1433	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
1434	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1435	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1436	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AF6214D5B4EE4D004FA11B4426B0E781D4E918A9
1437	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1438	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1439	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1440	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
1441	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1442	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1443	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1444	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1445	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1446	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1447	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
1448	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1449	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1450	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1451	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1452	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1453	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1454	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
1455	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1456	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1457	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
1458	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1459	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1460	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1461	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
1462	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1463	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1464	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
1465	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1466	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1467	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1468	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
1469	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1470	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1471	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
1472	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1473	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1474	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1475	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
1476	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1477	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1478	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1479	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1480	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008b58e0
1481	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1482	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1483	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1484	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008b5ee0
1485	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5ee0
1486	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
1487	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1488	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1489	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1490	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
1491	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1492	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1493	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1494	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1495	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1496	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1497	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1498	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1499	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1500	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C369CA0A282E9201E8C3399DEF1010F6DC0676FA
1501	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1502	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1503	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1504	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
1505	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
1506	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1507	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1508	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1509	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1510	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1511	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1512	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
1513	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1514	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1515	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1516	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1517	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1518	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1519	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
1520	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1521	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1522	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6964F437558F504725B2BE66A35240231044644F
1523	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3121918~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1524	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1525	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1526	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
1527	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
1528	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1529	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1530	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1531	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1532	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1533	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1534	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1535	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1536	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1537	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1538	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1539	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1540	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1541	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
1542	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1543	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1544	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1545	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1546	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1547	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1548	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1549	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1550	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1551	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA2C80E31A4EEBFA49ACC284D4C1B701145978CB
1552	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1553	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1554	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1555	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1556	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1557	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1558	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1559	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=345936918DE59E26BE1BF613500ED5E48C26873F
1560	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1561	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1562	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1563	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
1564	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1565	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1566	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C5B3709F99BA1F5F78D42BD62B72E557388B5AE0
1567	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3121212~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1568	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1569	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1570	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1571	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008d4d40:C:\Windows\system32 [calling]
1572	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\crypt32.dll'
1573	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1574	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1575	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1576	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1577	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1578	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1579	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x89aff3418b3ce200 C=US, L=Silicon Valley, O=Authenticode, CN=Google
1580	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1581	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1582	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1583	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1584	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1585	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1586	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1587	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1588	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1589	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1590	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
1591	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1592	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1593	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1594	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1595	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1596	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1597	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1598	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1599	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1600	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1601	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1602	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1603	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1604	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1605	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1606	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1607	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1608	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1609	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1610	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1611	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1612	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1613	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1614	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1615	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1616	2140.19c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1617	2140.19c8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=44
1618	2140.19c8: SUPR3HardenedMain: Load Runtime...
1619	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1620	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1621	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1622	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1623	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1624	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1625	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1626	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1627	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1628	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1629	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1630	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1631	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1632	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1633	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1634	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1635	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1636	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1637	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1638	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1639	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
1640	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1641	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1642	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1643	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1644	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1645	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1646	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1647	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1648	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1649	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1650	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1651	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1652	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1653	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1654	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1655	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
1656	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1657	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1658	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1659	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
1660	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1661	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
1662	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
1663	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1664	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1665	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1666	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1667	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1668	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1669	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1670	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1671	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fee4790000 LB 0x0055a000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1672	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1673	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1674	2140.19c8: supR3HardenedDllNotificationCallback: load 0000000073c70000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1675	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1676	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1677	2140.19c8: supR3HardenedDllNotificationCallback: load 0000000073bd0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1678	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1679	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd4d0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1680	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1681	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1682	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
1683	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1684	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1685	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1686	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1687	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1688	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1689	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1690	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1691	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1692	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1693	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1694	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1695	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1696	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1697	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1698	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1699	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1700	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1701	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1702	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1703	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1704	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1705	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1706	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1707	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1708	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1709	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1710	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1711	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1712	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1713	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1714	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1715	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1716	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1717	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1718	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1719	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1720	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1721	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1722	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1723	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1724	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1725	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1726	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1727	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e4220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\OpenVPN\bin [calling]
1728	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1729	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1730	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1731	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4790000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1732	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
1733	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000755960:C:\Windows\system32 [calling]
1734	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\Wintrust.dll'
1735	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1736	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000755960:C:\Windows\system32 [calling]
1737	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\crypt32.dll'
1738	2140.19c8: SUPR3HardenedMain: Load TrustedMain...
1739	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1740	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1741	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1742	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1743	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1744	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1745	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
1746	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1747	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1748	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
1749	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
1750	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
1751	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
1752	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'comdlg32.dll'.
1753	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1754	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1755	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
1756	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1757	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1758	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
1759	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1760	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1761	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1762	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1763	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1764	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1765	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1766	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
1767	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
1768	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1769	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1770	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1771	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1772	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1773	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1774	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
1775	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1776	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1777	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1778	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1779	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1780	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1781	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1782	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
1783	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1784	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1785	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1786	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1787	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1788	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1789	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1790	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1791	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1792	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1793	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1794	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1795	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1796	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1797	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
1798	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1799	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1800	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1801	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
1802	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1803	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1804	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1805	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1806	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1807	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1808	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1809	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1810	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1811	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
1812	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
1813	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1814	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1815	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
1816	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1817	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1818	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
1819	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1820	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1821	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1822	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1823	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1824	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1825	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
1826	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
1827	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1828	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1829	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1830	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1831	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1832	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1833	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1834	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1835	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1836	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1837	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1838	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1839	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1840	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1841	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1842	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1843	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1844	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1845	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1846	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1847	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1848	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1849	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1850	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1851	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1852	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1853	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1854	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1855	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1856	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1857	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1858	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1859	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1860	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1861	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1862	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1863	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1864	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1865	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1866	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1867	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1868	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1869	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1870	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1871	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1872	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1873	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1874	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1875	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1876	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1877	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1878	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1879	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1880	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1881	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1882	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
1883	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1884	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1885	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1886	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1887	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1888	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1889	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1890	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1891	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1892	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1893	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1894	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
1895	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1896	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1897	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1898	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1899	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1900	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
1901	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1902	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1903	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1904	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
1905	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1906	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1907	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1908	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1909	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1910	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1911	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1912	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
1913	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1914	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1915	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1916	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
1917	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1918	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1919	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1920	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
1921	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1922	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1923	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1924	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1925	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
1926	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
1927	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1928	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1929	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1930	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1931	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1932	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1933	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1934	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1935	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1936	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1937	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1938	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1939	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1940	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1941	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1942	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1943	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1944	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1945	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1946	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1947	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1948	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1949	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1950	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1951	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1952	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1953	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1954	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1955	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1956	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1957	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1958	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1959	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1960	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1961	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1962	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1963	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1964	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1965	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1966	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1967	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1968	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1969	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1970	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1971	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1972	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
1973	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
1974	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
1975	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1976	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
1977	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1978	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1979	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1980	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1981	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust
1982	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
1983	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1984	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1985	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
1986	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1987	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1988	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
1989	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1990	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1991	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1992	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1993	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1994	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1995	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1996	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1997	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1998	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1999	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
2000	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
2001	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
2002	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2003	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
2004	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
2005	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2006	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2007	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2008	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2009	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2010	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2011	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2012	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2013	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2014	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2015	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2016	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2017	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2018	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2019	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2020	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2021	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2022	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2023	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2024	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2025	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2026	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2027	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2028	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2029	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2030	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2031	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2032	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2033	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2034	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume1\Windows\System32\user32.dll
2035	2140.19c8: Error (rc=0):
2036	2140.19c8: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume1\Windows\System32\user32.dll
2037	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2038	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2039	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2040	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2041	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2042	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2043	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2044	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2045	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2046	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2047	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
2048	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
2049	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
2050	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2051	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2052	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2053	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
2054	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2055	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2056	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2057	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2058	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) WinVerifyTrust
2059	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
2060	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2061	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2062	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2063	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2064	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2065	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2066	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2067	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2068	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2069	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2070	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2071	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2072	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2073	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2074	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2075	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2076	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2077	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
2078	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2079	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2080	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2081	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2082	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2083	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2084	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2085	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2086	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2087	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2088	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2089	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2090	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2091	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2092	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2093	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2094	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2095	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2096	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2097	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2098	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
2099	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
2100	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2101	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2102	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2103	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2104	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) WinVerifyTrust
2105	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2106	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2107	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2108	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
2109	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2110	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2111	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
2112	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
2113	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2114	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
2115	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
2116	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2117	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2118	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
2119	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2120	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
2121	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust
2122	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2123	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2124	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2125	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
2126	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
2127	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
2128	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2129	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2130	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
2131	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
2132	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2133	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2134	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
2135	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2136	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) WinVerifyTrust
2137	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2138	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2139	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2140	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2141	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2142	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2143	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2144	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2145	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2146	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2147	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2148	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2149	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2150	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
2151	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2152	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2153	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
2154	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
2155	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2156	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2157	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
2158	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) WinVerifyTrust
2159	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
2160	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2161	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2162	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2163	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2164	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2165	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2166	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2167	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2168	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2169	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2170	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2171	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2172	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2173	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2174	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2175	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2176	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
2177	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
2178	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2179	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2180	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2181	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2182	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) WinVerifyTrust
2183	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2184	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2185	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2186	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2187	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2188	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2189	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2190	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2191	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2192	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2193	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2194	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2195	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2196	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2197	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2198	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2199	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2200	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2201	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2202	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
2203	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fee3cd0000 LB 0x00abf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2204	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
2205	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2206	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef1840000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
2207	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2208	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
2209	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef1810000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
2210	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
2211	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
2212	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef1710000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
2213	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
2214	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2215	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef3620000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2216	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2217	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefdbb0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2218	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2219	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcdb0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2220	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2221	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcec0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2222	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2223	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd0d0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2224	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2225	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefcea0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2226	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
2227	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2228	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefa810000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2229	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2230	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2231	2140.19c8: supR3HardenedDllNotificationCallback: load 00000000702e0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
2232	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
2233	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2234	2140.19c8: supR3HardenedDllNotificationCallback: load 000000006efd0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2235	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
2236	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefd430000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2237	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
2238	2140.19c8: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll: Owner is administrators group.
2239	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2240	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2241	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2242	2140.19c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
2243	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2244	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef91d0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
2245	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
2246	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2247	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2248	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2249	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefb960000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2250	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2251	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
2252	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fef88a0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2253	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
2254	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2255	2140.19c8: supR3HardenedDllNotificationCallback: load 00000000735f0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2256	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
2257	2140.19c8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
2258	2140.19c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
2259	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
2260	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2261	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2262	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2263	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2264	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2265	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2266	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d460:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2267	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\imm32.dll'
2268	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3cd0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2269	2140.19c8: SUPR3HardenedMain: Calling TrustedMain (000007fee3cd10f0)...
2270	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2271	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2272	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb960000 'C:\Windows\system32\winmm.dll'
2273	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000056c pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2274	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2275	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2276	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2277	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
2278	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2279	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2280	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2281	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2282	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
2283	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2284	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2285	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2286	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2287	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2288	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2289	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2290	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008dbfd0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2291	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2292	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefae40000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2293	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2294	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2295	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2296	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008dbfd0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2297	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2298	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2299	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008dcad0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2300	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2301	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2302	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008dcad0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2303	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2304	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2305	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2306	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa810000 'C:\Windows\system32\dwmapi.dll'
2307	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
2308	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2309	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc970000 'C:\Windows\system32\CRYPTBASE.dll'
2310	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2311	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2312	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2313	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2314	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2315	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b40000 'C:\Windows\system32\kernel32.dll'
2316	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2317	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2318	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2319	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2320	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2321	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2322	2140.19c8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2323	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2324	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2325	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2326	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2327	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
2328	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\advapi32.dll'
2329	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
2330	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2331	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb40000 'C:\Windows\system32\userenv.dll'
2332	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2333	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2334	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b40000 'C:\Windows\system32\kernel32.dll'
2335	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005cc pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2336	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2337	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2338	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2339	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
2340	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2341	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2342	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2343	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2344	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2345	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2346	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2347	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
2348	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2349	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2350	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2351	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2352	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2353	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2354	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2355	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2356	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2357	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2358	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2359	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2360	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2361	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2362	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2363	2140.19c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
2364	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2365	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2366	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefeda0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2367	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2368	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeda0000 'C:\Windows\system32\CLBCatQ.DLL'
2369	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\ADVAPI32.dll'
2370	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
2371	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d6a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2372	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc230000 'C:\Windows\system32\CRYPTSP.dll'
2373	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ec pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2374	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2375	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2376	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2377	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
2378	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2379	2140.19c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2380	2140.19c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2381	2140.19c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2382	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2383	2140.19c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2384	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085d6a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2385	2140.19c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2386	2140.19c8: supR3HardenedDllNotificationCallback: load 000007fefca20000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2387	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2388	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca20000 'C:\Windows\system32\RpcRtRemote.dll'
2389	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2390	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2391	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2392	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2393	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2394	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2395	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2396	2140.18a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2397	2140.18a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2398	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2399	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2400	2140.18a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2401	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2402	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2403	2140.18a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2404	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2405	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2406	2140.18a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2407	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2408	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2409	2140.18a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
2410	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2411	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2412	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2413	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2414	2140.18a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
2415	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2416	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2417	2140.18a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
2418	2140.18a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000890ed0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2419	2140.18a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2420	2140.18a4: supR3HardenedDllNotificationCallback: load 000007fee0600000 LB 0x005d8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2421	2140.18a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2422	2140.18a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0600000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2423	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll
2424	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2425	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2426	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66DB5F28C5BA0EDD9CAD2DDAB24F1A6AD9F2B6A3
2427	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll'
2428	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2429	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2430	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2431	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
2432	2140.18a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msiltcfg.dll) WinVerifyTrust
2433	2140.18a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll
2434	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2435	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2436	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000063c pwszName=\Device\HarddiskVolume1\Windows\System32\version.dll
2437	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2438	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2439	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
2440	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\version.dll'
2441	2140.18a4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2442	2140.18a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2443	2140.18a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust
2444	2140.18a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
2445	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2446	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2447	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2448	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2449	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2450	2140.18a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2451	2140.18a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085dd60:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2452	2140.18a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll
2453	2140.18a4: supR3HardenedDllNotificationCallback: load 000007fef3b40000 LB 0x00009000 C:\Windows\system32\msiltcfg.dll [fFlags=0x0]
2454	2140.18a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msiltcfg.dll
2455	2140.18a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
2456	2140.18a4: supR3HardenedDllNotificationCallback: load 000007fefc800000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
2457	2140.18a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
2458	2140.18a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3b40000 'C:\Windows\system32\msiltcfg.dll'
2459	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff000000 'C:\Windows\system32\gdi32.dll'
2460	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2461	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2462	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2463	2140.19c8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2464	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2465	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2466	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2467	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2468	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2469	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2470	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2471	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2472	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2473	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2474	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2475	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2476	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\shell32.dll'
2477	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume1\Windows\System32\user32.dll
2478	2140.19c8: Error (rc=0):
2479	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume1\Windows\System32\user32.dll
2480	2140.19c8: Error (rc=0):
2481	2140.19c8: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\user32.dll' (C:\Windows\system32\user32.dll): rcNt=0xc0000190
2482	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\user32.dll'
2483	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\ADVAPI32.dll'
2484	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2485	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085ddf0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2486	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\Windows\system32\ole32.dll'
2487	2140.19c8: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2488	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2489	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2490	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b58e0
2491	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b58e0
2492	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2493	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2494	2140.19c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2495	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2496	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000085e030:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2497	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef91d0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2498	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
2499	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008dcce0:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2500	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\Windows\system32\MSCTF.dll'
2501	2140.19c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2502	2140.19c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.DLL (Input=OLEAUT32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000085e030:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2503	2140.19c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcec0000 'C:\Windows\system32\OLEAUT32.DLL'
2504	2140.19c8: Terminating the normal way: rcExit=1
2505	1e2c.1c48: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 11327 ms, the end);
2506	14f4.22f4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 12710 ms, the end);

Download in other formats:

Original Format