1764.1530: Log file opened: 5.0.24r108355 g_hStartupLog=00000100 g_uNtVerCombined=0x611db110 1764.1530: \SystemRoot\System32\ntdll.dll: 1764.1530: CreationTime: 2016-07-28T22:47:09.374825800Z 1764.1530: LastWriteTime: 2016-05-16T23:16:18.034093900Z 1764.1530: ChangeTime: 2016-07-28T22:50:40.018460900Z 1764.1530: FileAttributes: 0x20 1764.1530: Size: 0x140158 1764.1530: NT Headers: 0xd0 1764.1530: Timestamp: 0x573a54ca 1764.1530: Machine: 0x14c - i386 1764.1530: Timestamp: 0x573a54ca 1764.1530: Image Version: 6.1 1764.1530: SizeOfImage: 0x143000 (1323008) 1764.1530: Resource Dir: 0xe3000 LB 0x5a028 1764.1530: ProductName: Microsoft® Windows® Operating System 1764.1530: ProductVersion: 6.1.7601.23455 1764.1530: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600) 1764.1530: FileDescription: NT Layer DLL 1764.1530: \SystemRoot\System32\kernel32.dll: 1764.1530: CreationTime: 2016-04-12T20:34:29.250990700Z 1764.1530: LastWriteTime: 2016-03-17T22:26:26.905000000Z 1764.1530: ChangeTime: 2016-04-13T11:20:27.026042500Z 1764.1530: FileAttributes: 0x20 1764.1530: Size: 0xd5000 1764.1530: NT Headers: 0xf0 1764.1530: Timestamp: 0x56eb2fb8 1764.1530: Machine: 0x14c - i386 1764.1530: Timestamp: 0x56eb2fb8 1764.1530: Image Version: 6.1 1764.1530: SizeOfImage: 0xd5000 (872448) 1764.1530: Resource Dir: 0xc8000 LB 0x528 1764.1530: ProductName: Microsoft® Windows® Operating System 1764.1530: ProductVersion: 6.1.7601.23392 1764.1530: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 1764.1530: FileDescription: Windows NT BASE API Client DLL 1764.1530: \SystemRoot\System32\KernelBase.dll: 1764.1530: CreationTime: 2016-04-12T20:34:29.627028300Z 1764.1530: LastWriteTime: 2016-03-17T22:26:26.921000000Z 1764.1530: ChangeTime: 2016-04-13T11:20:27.041642700Z 1764.1530: FileAttributes: 0x20 1764.1530: Size: 0x47e00 1764.1530: NT Headers: 0xe0 1764.1530: Timestamp: 0x56eb2fb9 1764.1530: Machine: 0x14c - i386 1764.1530: Timestamp: 0x56eb2fb9 1764.1530: Image Version: 6.1 1764.1530: SizeOfImage: 0x4b000 (307200) 1764.1530: Resource Dir: 0x47000 LB 0x530 1764.1530: ProductName: Microsoft® Windows® Operating System 1764.1530: ProductVersion: 6.1.7601.23392 1764.1530: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 1764.1530: FileDescription: Windows NT BASE API Client DLL 1764.1530: \SystemRoot\System32\apisetschema.dll: 1764.1530: CreationTime: 2016-07-28T22:47:08.407644400Z 1764.1530: LastWriteTime: 2016-05-16T23:14:25.755000000Z 1764.1530: ChangeTime: 2016-07-28T22:50:39.846860900Z 1764.1530: FileAttributes: 0x20 1764.1530: Size: 0x1a00 1764.1530: NT Headers: 0xc0 1764.1530: Timestamp: 0x573a5491 1764.1530: Machine: 0x14c - i386 1764.1530: Timestamp: 0x573a5491 1764.1530: Image Version: 6.1 1764.1530: SizeOfImage: 0x50000 (327680) 1764.1530: Resource Dir: 0x30000 LB 0x3f8 1764.1530: ProductName: Microsoft® Windows® Operating System 1764.1530: ProductVersion: 6.1.7601.23455 1764.1530: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600) 1764.1530: FileDescription: ApiSet Schema DLL 1764.1530: supR3HardenedWinFindAdversaries: 0x0 1764.1530: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1764.1530: Calling main() 1764.1530: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1764.1530: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1764.1530: SUPR3HardenedMain: Respawn #1 1764.1530: System32: \Device\HarddiskVolume2\Windows\System32 1764.1530: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 1764.1530: KnownDllPath: C:\Windows\system32 1764.1530: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1764.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1764.1530: supR3HardNtEnableThreadCreation: 1764.1530: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8 1764.1530: supR3HardenedWinDoReSpawn(1): New child 1724.1580 [kernel32]. 1764.1530: supR3HardNtChildGatherData: PebBaseAddress=7ffdf000 cbPeb=0x248 1764.1530: supR3HardNtPuChFindNtdll: uNtDllParentAddr=779c0000 uNtDllChildAddr=779c0000 1764.1530: supR3HardenedWinSetupChildInit: uLdrInitThunk=77a14466 1764.1530: supR3HardenedWinSetupChildInit: Start child. 1764.1530: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1764.1530: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 1764.1530: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1764.1530: *00000000-fffeffff 0x0001/0x0000 0x0000000 1764.1530: *00010000-fffeffff 0x0004/0x0004 0x0020000 1764.1530: *00030000-0002bfff 0x0002/0x0002 0x0040000 1764.1530: 00034000-00027fff 0x0001/0x0000 0x0000000 1764.1530: *00040000-0003efff 0x0004/0x0004 0x0020000 1764.1530: 00041000-00031fff 0x0001/0x0000 0x0000000 1764.1530: *00050000-0004efff 0x0004/0x0004 0x0020000 1764.1530: 00051000-00011fff 0x0001/0x0000 0x0000000 1764.1530: *00090000-fff92fff 0x0000/0x0004 0x0020000 1764.1530: 0018d000-0018bfff 0x0104/0x0004 0x0020000 1764.1530: 0018e000-0018bfff 0x0004/0x0004 0x0020000 1764.1530: 00190000-fef7ffff 0x0001/0x0000 0x0000000 1764.1530: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1764.1530: 01492000-8af63fff 0x0001/0x0000 0x0000000 1764.1530: *779c0000-779c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1764.1530: 779c1000-77a88fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1764.1530: 77a89000-77a8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1764.1530: 77a90000-77a90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1764.1530: 77a91000-77a92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1764.1530: 77a93000-77b02fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1764.1530: 77b03000-779e5fff 0x0001/0x0000 0x0000000 1764.1530: *77c20000-77c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 1764.1530: 77c21000-6f891fff 0x0001/0x0000 0x0000000 1764.1530: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000 1764.1530: 7ffd3000-7ffc7fff 0x0001/0x0000 0x0000000 1764.1530: *7ffde000-7ffdcfff 0x0004/0x0004 0x0020000 1764.1530: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000 1764.1530: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 1764.1530: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 1764.1530: apisetschema.dll: timestamp 0x573a5491 (rc=VINF_SUCCESS) 1764.1530: VirtualBox.exe: timestamp 0x57729827 (rc=VINF_SUCCESS) 1764.1530: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1764.1530: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 1764.1530: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1764.1530: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0). 1724.1580: Log file opened: 5.0.24r108355 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100 1724.1580: supR3HardenedVmProcessInit: uNtDllAddr=779c0000 g_uNtVerCombined=0x611db100 1764.1530: supR3HardNtEnableThreadCreation: 1724.1580: ntdll.dll: timestamp 0x573a54ca (rc=VINF_SUCCESS) 1724.1580: New simple heap: #1 00290000 LB 0x400000 (for 1323008 allocation) 1724.1580: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1724.1580: System32: \Device\HarddiskVolume2\Windows\System32 1724.1580: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 1724.1580: KnownDllPath: C:\Windows\system32 1724.1580: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1724.1580: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1724.1580: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1724.1580: Registered Dll notification callback with NTDLL. 1724.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1724.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1724.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1724.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1724.1580: supR3HardenedDllNotificationCallback: load 774e0000 LB 0x000d5000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1724.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1724.1580: supR3HardenedDllNotificationCallback: load 75c20000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1724.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 1724.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1724.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll' 1724.1580: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8 1764.1530: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms. 1724.1580: \SystemRoot\System32\ntdll.dll: 1724.1580: CreationTime: 2016-07-28T22:47:09.374825800Z 1724.1580: LastWriteTime: 2016-05-16T23:16:18.034093900Z 1724.1580: ChangeTime: 2016-07-28T22:50:40.018460900Z 1724.1580: FileAttributes: 0x20 1724.1580: Size: 0x140158 1724.1580: NT Headers: 0xd0 1724.1580: Timestamp: 0x573a54ca 1724.1580: Machine: 0x14c - i386 1724.1580: Timestamp: 0x573a54ca 1724.1580: Image Version: 6.1 1724.1580: SizeOfImage: 0x143000 (1323008) 1724.1580: Resource Dir: 0xe3000 LB 0x5a028 1724.1580: ProductName: Microsoft® Windows® Operating System 1724.1580: ProductVersion: 6.1.7601.23455 1724.1580: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600) 1724.1580: FileDescription: NT Layer DLL 1724.1580: \SystemRoot\System32\kernel32.dll: 1724.1580: CreationTime: 2016-04-12T20:34:29.250990700Z 1724.1580: LastWriteTime: 2016-03-17T22:26:26.905000000Z 1724.1580: ChangeTime: 2016-04-13T11:20:27.026042500Z 1724.1580: FileAttributes: 0x20 1724.1580: Size: 0xd5000 1724.1580: NT Headers: 0xf0 1724.1580: Timestamp: 0x56eb2fb8 1724.1580: Machine: 0x14c - i386 1724.1580: Timestamp: 0x56eb2fb8 1724.1580: Image Version: 6.1 1724.1580: SizeOfImage: 0xd5000 (872448) 1724.1580: Resource Dir: 0xc8000 LB 0x528 1724.1580: ProductName: Microsoft® Windows® Operating System 1724.1580: ProductVersion: 6.1.7601.23392 1724.1580: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 1724.1580: FileDescription: Windows NT BASE API Client DLL 1724.1580: \SystemRoot\System32\KernelBase.dll: 1724.1580: CreationTime: 2016-04-12T20:34:29.627028300Z 1724.1580: LastWriteTime: 2016-03-17T22:26:26.921000000Z 1724.1580: ChangeTime: 2016-04-13T11:20:27.041642700Z 1724.1580: FileAttributes: 0x20 1724.1580: Size: 0x47e00 1724.1580: NT Headers: 0xe0 1724.1580: Timestamp: 0x56eb2fb9 1724.1580: Machine: 0x14c - i386 1724.1580: Timestamp: 0x56eb2fb9 1724.1580: Image Version: 6.1 1724.1580: SizeOfImage: 0x4b000 (307200) 1724.1580: Resource Dir: 0x47000 LB 0x530 1724.1580: ProductName: Microsoft® Windows® Operating System 1724.1580: ProductVersion: 6.1.7601.23392 1724.1580: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 1724.1580: FileDescription: Windows NT BASE API Client DLL 1724.1580: \SystemRoot\System32\apisetschema.dll: 1724.1580: CreationTime: 2016-07-28T22:47:08.407644400Z 1724.1580: LastWriteTime: 2016-05-16T23:14:25.755000000Z 1724.1580: ChangeTime: 2016-07-28T22:50:39.846860900Z 1724.1580: FileAttributes: 0x20 1724.1580: Size: 0x1a00 1724.1580: NT Headers: 0xc0 1724.1580: Timestamp: 0x573a5491 1724.1580: Machine: 0x14c - i386 1724.1580: Timestamp: 0x573a5491 1724.1580: Image Version: 6.1 1724.1580: SizeOfImage: 0x50000 (327680) 1724.1580: Resource Dir: 0x30000 LB 0x3f8 1724.1580: ProductName: Microsoft® Windows® Operating System 1724.1580: ProductVersion: 6.1.7601.23455 1724.1580: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600) 1724.1580: FileDescription: ApiSet Schema DLL 1724.1580: supR3HardenedWinFindAdversaries: 0x0 1724.1580: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1724.1580: Calling main() 1724.1580: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1724.1580: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1724.1580: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1724.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1724.1580: SUPR3HardenedMain: Respawn #2 1724.1580: supR3HardNtEnableThreadCreation: 1724.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 1724.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 1724.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1724.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1724.1580: supR3HardenedDllNotificationCallback: load 75810000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 1724.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1724.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75810000 'C:\Windows\system32\apphelp.dll' 1724.1580: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8 1724.1580: supR3HardenedWinDoReSpawn(2): New child 14f0.139c [kernel32]. 1724.1580: supR3HardNtChildGatherData: PebBaseAddress=7ffd5000 cbPeb=0x248 1724.1580: supR3HardNtPuChFindNtdll: uNtDllParentAddr=779c0000 uNtDllChildAddr=779c0000 1724.1580: supR3HardenedWinSetupChildInit: uLdrInitThunk=77a14466 1724.1580: supR3HardenedWinSetupChildInit: Start child. 1724.1580: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1724.1580: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 0 sleeps 1724.1580: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1724.1580: *00000000-fffeffff 0x0001/0x0000 0x0000000 1724.1580: *00010000-fffeffff 0x0004/0x0004 0x0020000 1724.1580: *00030000-0002bfff 0x0002/0x0002 0x0040000 1724.1580: 00034000-00027fff 0x0001/0x0000 0x0000000 1724.1580: *00040000-0003efff 0x0004/0x0004 0x0020000 1724.1580: 00041000-00031fff 0x0001/0x0000 0x0000000 1724.1580: *00050000-0004efff 0x0004/0x0004 0x0020000 1724.1580: 00051000-00011fff 0x0001/0x0000 0x0000000 1724.1580: *00090000-fff92fff 0x0000/0x0004 0x0020000 1724.1580: 0018d000-0018bfff 0x0104/0x0004 0x0020000 1724.1580: 0018e000-0018bfff 0x0004/0x0004 0x0020000 1724.1580: 00190000-fef7ffff 0x0001/0x0000 0x0000000 1724.1580: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1724.1580: 01492000-8af63fff 0x0001/0x0000 0x0000000 1724.1580: *779c0000-779c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1724.1580: 779c1000-77a88fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1724.1580: 77a89000-77a8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1724.1580: 77a90000-77a90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1724.1580: 77a91000-77a92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1724.1580: 77a93000-77b02fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1724.1580: 77b03000-779e5fff 0x0001/0x0000 0x0000000 1724.1580: *77c20000-77c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 1724.1580: 77c21000-6f891fff 0x0001/0x0000 0x0000000 1724.1580: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000 1724.1580: 7ffd3000-7ffd0fff 0x0001/0x0000 0x0000000 1724.1580: *7ffd5000-7ffd3fff 0x0004/0x0004 0x0020000 1724.1580: 7ffd6000-7ffccfff 0x0001/0x0000 0x0000000 1724.1580: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000 1724.1580: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 1724.1580: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 1724.1580: apisetschema.dll: timestamp 0x573a5491 (rc=VINF_SUCCESS) 1724.1580: VirtualBox.exe: timestamp 0x57729827 (rc=VINF_SUCCESS) 1724.1580: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1724.1580: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 1724.1580: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1724.1580: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0). 14f0.139c: Log file opened: 5.0.24r108355 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100 14f0.139c: supR3HardenedVmProcessInit: uNtDllAddr=779c0000 g_uNtVerCombined=0x611db100 1724.1580: supR3HardenedEarlyCompact: Removed heap 1 (0x290000 LB 0x400000) 1724.1580: supR3HardNtEnableThreadCreation: 14f0.139c: ntdll.dll: timestamp 0x573a54ca (rc=VINF_SUCCESS) 14f0.139c: New simple heap: #1 00290000 LB 0x400000 (for 1323008 allocation) 14f0.139c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14f0.139c: System32: \Device\HarddiskVolume2\Windows\System32 14f0.139c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 14f0.139c: KnownDllPath: C:\Windows\system32 14f0.139c: supR3HardenedVmProcessInit: Opening vboxdrv... 14f0.139c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 14f0.139c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 14f0.139c: Registered Dll notification callback with NTDLL. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 774e0000 LB 0x000d5000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75c20000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll' 14f0.139c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8 1724.1580: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 32 ms. 14f0.139c: \SystemRoot\System32\ntdll.dll: 14f0.139c: CreationTime: 2016-07-28T22:47:09.374825800Z 14f0.139c: LastWriteTime: 2016-05-16T23:16:18.034093900Z 14f0.139c: ChangeTime: 2016-07-28T22:50:40.018460900Z 14f0.139c: FileAttributes: 0x20 14f0.139c: Size: 0x140158 14f0.139c: NT Headers: 0xd0 14f0.139c: Timestamp: 0x573a54ca 14f0.139c: Machine: 0x14c - i386 14f0.139c: Timestamp: 0x573a54ca 14f0.139c: Image Version: 6.1 14f0.139c: SizeOfImage: 0x143000 (1323008) 14f0.139c: Resource Dir: 0xe3000 LB 0x5a028 14f0.139c: ProductName: Microsoft® Windows® Operating System 14f0.139c: ProductVersion: 6.1.7601.23455 14f0.139c: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600) 14f0.139c: FileDescription: NT Layer DLL 14f0.139c: \SystemRoot\System32\kernel32.dll: 14f0.139c: CreationTime: 2016-04-12T20:34:29.250990700Z 14f0.139c: LastWriteTime: 2016-03-17T22:26:26.905000000Z 14f0.139c: ChangeTime: 2016-04-13T11:20:27.026042500Z 14f0.139c: FileAttributes: 0x20 14f0.139c: Size: 0xd5000 14f0.139c: NT Headers: 0xf0 14f0.139c: Timestamp: 0x56eb2fb8 14f0.139c: Machine: 0x14c - i386 14f0.139c: Timestamp: 0x56eb2fb8 14f0.139c: Image Version: 6.1 14f0.139c: SizeOfImage: 0xd5000 (872448) 14f0.139c: Resource Dir: 0xc8000 LB 0x528 14f0.139c: ProductName: Microsoft® Windows® Operating System 14f0.139c: ProductVersion: 6.1.7601.23392 14f0.139c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 14f0.139c: FileDescription: Windows NT BASE API Client DLL 14f0.139c: \SystemRoot\System32\KernelBase.dll: 14f0.139c: CreationTime: 2016-04-12T20:34:29.627028300Z 14f0.139c: LastWriteTime: 2016-03-17T22:26:26.921000000Z 14f0.139c: ChangeTime: 2016-04-13T11:20:27.041642700Z 14f0.139c: FileAttributes: 0x20 14f0.139c: Size: 0x47e00 14f0.139c: NT Headers: 0xe0 14f0.139c: Timestamp: 0x56eb2fb9 14f0.139c: Machine: 0x14c - i386 14f0.139c: Timestamp: 0x56eb2fb9 14f0.139c: Image Version: 6.1 14f0.139c: SizeOfImage: 0x4b000 (307200) 14f0.139c: Resource Dir: 0x47000 LB 0x530 14f0.139c: ProductName: Microsoft® Windows® Operating System 14f0.139c: ProductVersion: 6.1.7601.23392 14f0.139c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600) 14f0.139c: FileDescription: Windows NT BASE API Client DLL 14f0.139c: \SystemRoot\System32\apisetschema.dll: 14f0.139c: CreationTime: 2016-07-28T22:47:08.407644400Z 14f0.139c: LastWriteTime: 2016-05-16T23:14:25.755000000Z 14f0.139c: ChangeTime: 2016-07-28T22:50:39.846860900Z 14f0.139c: FileAttributes: 0x20 14f0.139c: Size: 0x1a00 14f0.139c: NT Headers: 0xc0 14f0.139c: Timestamp: 0x573a5491 14f0.139c: Machine: 0x14c - i386 14f0.139c: Timestamp: 0x573a5491 14f0.139c: Image Version: 6.1 14f0.139c: SizeOfImage: 0x50000 (327680) 14f0.139c: Resource Dir: 0x30000 LB 0x3f8 14f0.139c: ProductName: Microsoft® Windows® Operating System 14f0.139c: ProductVersion: 6.1.7601.23455 14f0.139c: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600) 14f0.139c: FileDescription: ApiSet Schema DLL 14f0.139c: supR3HardenedWinFindAdversaries: 0x0 14f0.139c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14f0.139c: Calling main() 14f0.139c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 14f0.139c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 14f0.139c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 14f0.139c: SUPR3HardenedMain: Final process, opening VBoxDrv... 14f0.139c: supR3HardenedEarlyCompact: Removed heap 1 (0x290000 LB 0x400000) 14f0.139c: supR3HardNtEnableThreadCreation: 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ba75: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 6d220000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=001894a9: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=001894a9: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d88d: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75970000 LB 0x0002f000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 771f0000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 759b0000 LB 0x00121000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75940000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 77770000 LB 0x000a2000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\system32\Wintrust.dll' 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d88d: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75470000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\bcrypt.dll' 14f0.139c: bcrypt.dll loaded at 75470000, BCryptOpenAlgorithmProvider at 75472cda, preloading providers: 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d9f5: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75060000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 76e80000 LB 0x000a1000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 771d0000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\bcryptprimitives.dll' 14f0.139c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0072dbc8) 14f0.139c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0072e218) 14f0.139c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0072efd0) 14f0.139c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0072db20) 14f0.139c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0072f120) 14f0.139c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0072f1c0) 14f0.139c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0072f070) 14f0.139c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0072f330) 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d64d: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75370000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75370000 'C:\Windows\system32\CRYPTSP.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d5e9: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75120000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75120000 'C:\Windows\system32\rsaenh.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d0bd: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll' 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d3b1: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75860000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75860000 'C:\Windows\system32\CRYPTBASE.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ceed: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d5cd: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\system32\WINTRUST.DLL' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018d411: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\CRYPT32.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'advapi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d54d: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 77080000 LB 0x0002b000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77080000 'C:\Windows\system32\imagehlp.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d5f1: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75370000 'C:\Windows\system32\CRYPTSP.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d281: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 77b10000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 77130000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 76fd0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 76020000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cb99: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77130000 'C:\Windows\system32\gdi32.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c525: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 77bf0000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 760d0000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bf0000 'C:\Windows\system32\IMM32.DLL' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\USER32.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d4c5: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75490000 LB 0x00039000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75490000 'C:\Windows\system32\ncrypt.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d51d: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\bcrypt.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cdb1: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75b40000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 75950000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b40000 'C:\Windows\system32\USERENV.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cd81: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d195: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d285: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 74f20000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f20000 'C:\Windows\system32\GPAPI.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d201: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ccb9: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77770000 'C:\Windows\system32\rpcrt4.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d1dd: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-Management-L2-1-0.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d1d5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d075: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 72e70000 LB 0x0001d000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 77180000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c795: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c795: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cc75: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cc85: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75950000 'C:\Windows\system32\profapi.dll' 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cb49: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 76f30000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76f30000 'C:\Windows\system32\SHLWAPI.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=258AECABC1B39BE7A51E0245C37AC1C494AB11C4 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cca1: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018c831: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018c82d: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cc95: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cc75: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cab5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll' 14f0.139c: g_pfnWinVerifyTrust=7597273a 14f0.139c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA9F4D26D8B58751CB60C923B73ECFA7FE46B691 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_125_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 14f0.139c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F3E3B0E8B3F0B48C48571F1E10AB52986C32F1B 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C6BA55D75027A4D8F8ADFA0DFAA3F021D77FCF36 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=647D940F193F2577854A0092E0E104723ADB3326 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3159398~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9A4C90615FC5B5674208A5401C018FEA2A04A4B 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3ED4B4350DD7AD71402DC9ECF32453602E8624F 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000019c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21CC868DE3508F5C6F6D348B324C1E8AB2969CC6 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3033889~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000198 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000194 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=620B58DF939ECB4E691974D32E1363C8F89396C3 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3108670~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7EA395BBA2494B31A6E9E75F84367769603A86B 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3164033~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B8D3604000ED15CBB49FB2FA6FE8FF051CD4FCD 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3164035~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=44098F3B14959897BB848F81A735A1BE83CB369F 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3109094~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59F877FD4F27652A01B1936874AFAF3A55572A8 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000138 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA30F13B69B382CCE056E1FA0B537B7B77E385C8 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFE6B29BE955FB2D869F3B57909DF90693FBBCEB 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_57_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27AAFBF501C7D0BDB48FEA759DB4257783E5749A 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5D3F6BAE44924FCA30C85EAE673435184306700 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_128_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50B466D5DDEDD2D1A524F20B8873F187B62AA69F 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2654428~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50D61CCF56CBB6FD547B8863E06BF117FBE6F205 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78C215A477EBDED3EA92050D73AD064D4DACAF04 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3146706~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9560523695751C7D7E357112D9C665B53216B2EE 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3146706~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c5dd: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\crypt32.dll' 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xbc477be89bbce158 C=US, CN=Default CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd96baae6fa45b277 C=US, CN=Default CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 14f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 14f0.139c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52 14f0.139c: SUPR3HardenedMain: Load Runtime... 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000458 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F5903563880A7F4C5D5D3DB2B4AF4CE300C2515 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3161949~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000460 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c68d: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 51200000 LB 0x0041c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 523a0000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 52ef0000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 76f90000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 760c0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018e355: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\system32\Wintrust.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d0b5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\crypt32.dll' 14f0.139c: SUPR3HardenedMain: Load TrustedMain... 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtcorevbox4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtguivbox4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B7E0F9A1230AA2EF739E460514A16F91C90D9AD 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000498 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C9D7CD58447116AAADAA6F63A2561531EA95B33 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3146706~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000048c pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2AC7204B7EC1505A1AFCF380109E511193D585D0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_40_for_KB3123862~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=16BBD8EF93DEB2283AA2548BAF76579D798DC50D 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3078667~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000508 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=55B617014CE98D8F12CB631212573AF95C0F0FCE 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3164033~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000504 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c691: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 503b0000 LB 0x00815000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 51e30000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 60d30000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 63b90000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 68e40000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 77820000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 75b00000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 76fe0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 75c70000 LB 0x0015d000 C:\Windows\system32\ole32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 75b70000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 73d70000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 51820000 LB 0x00216000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 739b0000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 50f80000 LB 0x00274000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 640b0000 LB 0x00810000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 770b0000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll) 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 70af0000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [avoiding WinVerifyTrust] 14f0.139c: supR3HardenedDllNotificationCallback: load 76230000 LB 0x00c4c000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 73e60000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv 14f0.139c: supR3HardenedDllNotificationCallback: load 74e50000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 52020000 LB 0x000c1000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 14f0.139c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [rescheduled] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c071: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bf0000 'C:\Windows\system32\imm32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=503b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 14f0.139c: SUPR3HardenedMain: Calling TrustedMain (503b1040)... 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f565: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e60000 'C:\Windows\system32\winmm.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005a8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018efed: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 740f0000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ec29: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018e9f5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018e9f5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ee5d: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d70000 'C:\Windows\system32\dwmapi.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f305: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75860000 'C:\Windows\system32\CRYPTBASE.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f445: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f3fd: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f43d: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f465: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f4f5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f529: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\advapi32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f4f5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b40000 'C:\Windows\system32\userenv.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f4f5: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000608 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d2bd: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 761a0000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761a0000 'C:\Windows\system32\CLBCatQ.DLL' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c5ad: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75370000 'C:\Windows\system32\CRYPTSP.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000628 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 14f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust 14f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c2dd: [calling] 14f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 14f0.139c: supR3HardenedDllNotificationCallback: load 758d0000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758d0000 'C:\Windows\system32\RpcRtRemote.dll' 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 14f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 14f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395f0fd: [calling] 14f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14f0.17c0: supR3HardenedDllNotificationCallback: load 0f9e0000 LB 0x00451000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 14f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0f9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000068c pwszName=\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAE8C73E319858922705A3CB3C7B14413A48F03C 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll' 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'. 14f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll) WinVerifyTrust 14f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000678 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87F58E3B93CDFEB987BC8B5880D3F0366E3D8203 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll' 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 14f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust 14f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395e139: [calling] 14f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll 14f0.17c0: supR3HardenedDllNotificationCallback: load 6dc30000 LB 0x00007000 C:\Windows\system32\msiltcfg.dll [fFlags=0x0] 14f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll 14f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll 14f0.17c0: supR3HardenedDllNotificationCallback: load 74ed0000 LB 0x00009000 C:\Windows\system32\VERSION.dll [fFlags=0x0] 14f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Windows\system32\msiltcfg.dll' 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll' 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000006ac pwszName=\Device\HarddiskVolume2\Windows\System32\msi.dll 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DED47079BA06FD37B0405BBE7F688D1DC3CE7B96 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\msi.dll' 14f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'. 14f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 14f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msi.dll) WinVerifyTrust 14f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msi.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 14f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msi.dll (Input=msi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395e111: [calling] 14f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll 14f0.17c0: supR3HardenedDllNotificationCallback: load 6f510000 LB 0x00246000 C:\Windows\system32\msi.dll [fFlags=0x0] 14f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6f510000 'C:\Windows\system32\msi.dll' 14f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395e111: [calling] 14f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Windows\system32\msiltcfg.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77130000 'C:\Windows\system32\gdi32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d125: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cbcd: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d141: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d125: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c649: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c70000 'C:\Windows\system32\ole32.dll' 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cb65: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760d0000 'C:\Windows\system32\MSCTF.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [redir] 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [redoing WinVerifyTrust] 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000520 pwszName=\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' 14f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 14f0.139c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018b045: [calling] 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70af0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' 14f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\User32.dll' 14f0.139c: Terminating the normal way: rcExit=1 1724.1580: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 106471 ms, the end); 1764.1530: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 106830 ms, the end);