API tools faq
paste
Advertisement
Guest User

VBoxHardening.log

a guest
Apr 23rd, 2018
336
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 431.08 KB | None | 0 0
raw download clone embed print report
  1. 510.1fd0: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
  2. 510.1fd0: \SystemRoot\System32\ntdll.dll:
  3. 510.1fd0: CreationTime: 2014-07-29T15:15:12.093598700Z
  4. 510.1fd0: LastWriteTime: 2013-08-29T02:16:35.515578900Z
  5. 510.1fd0: ChangeTime: 2014-07-29T15:42:24.768970900Z
  6. 510.1fd0: FileAttributes: 0x20
  7. 510.1fd0: Size: 0x1a6dc0
  8. 510.1fd0: NT Headers: 0xe0
  9. 510.1fd0: Timestamp: 0x521eaf24
  10. 510.1fd0: Machine: 0x8664 - amd64
  11. 510.1fd0: Timestamp: 0x521eaf24
  12. 510.1fd0: Image Version: 6.1
  13. 510.1fd0: SizeOfImage: 0x1a9000 (1740800)
  14. 510.1fd0: Resource Dir: 0x151000 LB 0x560d8
  15. 510.1fd0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  16. 510.1fd0: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  17. 510.1fd0: ProductName: Microsoft® Windows® Operating System
  18. 510.1fd0: ProductVersion: 6.1.7601.18247
  19. 510.1fd0: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
  20. 510.1fd0: FileDescription: NT Layer DLL
  21. 510.1fd0: \SystemRoot\System32\kernel32.dll:
  22. 510.1fd0: CreationTime: 2014-07-29T15:11:12.789178400Z
  23. 510.1fd0: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  24. 510.1fd0: ChangeTime: 2014-07-29T15:42:24.035769600Z
  25. 510.1fd0: FileAttributes: 0x20
  26. 510.1fd0: Size: 0x11c000
  27. 510.1fd0: NT Headers: 0xe8
  28. 510.1fd0: Timestamp: 0x5315a059
  29. 510.1fd0: Machine: 0x8664 - amd64
  30. 510.1fd0: Timestamp: 0x5315a059
  31. 510.1fd0: Image Version: 6.1
  32. 510.1fd0: SizeOfImage: 0x11f000 (1175552)
  33. 510.1fd0: Resource Dir: 0x116000 LB 0x528
  34. 510.1fd0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  35. 510.1fd0: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  36. 510.1fd0: ProductName: Microsoft® Windows® Operating System
  37. 510.1fd0: ProductVersion: 6.1.7601.18409
  38. 510.1fd0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  39. 510.1fd0: FileDescription: Windows NT BASE API Client DLL
  40. 510.1fd0: \SystemRoot\System32\KernelBase.dll:
  41. 510.1fd0: CreationTime: 2014-07-29T15:50:33.070665800Z
  42. 510.1fd0: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  43. 510.1fd0: ChangeTime: 2014-07-29T15:55:55.374432100Z
  44. 510.1fd0: FileAttributes: 0x20
  45. 510.1fd0: Size: 0x67c00
  46. 510.1fd0: NT Headers: 0xe8
  47. 510.1fd0: Timestamp: 0x5315a05a
  48. 510.1fd0: Machine: 0x8664 - amd64
  49. 510.1fd0: Timestamp: 0x5315a05a
  50. 510.1fd0: Image Version: 6.1
  51. 510.1fd0: SizeOfImage: 0x6c000 (442368)
  52. 510.1fd0: Resource Dir: 0x6a000 LB 0x530
  53. 510.1fd0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  54. 510.1fd0: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
  55. 510.1fd0: ProductName: Microsoft® Windows® Operating System
  56. 510.1fd0: ProductVersion: 6.1.7601.18409
  57. 510.1fd0: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  58. 510.1fd0: FileDescription: Windows NT BASE API Client DLL
  59. 510.1fd0: \SystemRoot\System32\apisetschema.dll:
  60. 510.1fd0: CreationTime: 2014-07-29T15:14:28.210721700Z
  61. 510.1fd0: LastWriteTime: 2013-08-02T02:12:20.275000000Z
  62. 510.1fd0: ChangeTime: 2014-07-29T15:42:25.455372100Z
  63. 510.1fd0: FileAttributes: 0x20
  64. 510.1fd0: Size: 0x1a00
  65. 510.1fd0: NT Headers: 0xc0
  66. 510.1fd0: Timestamp: 0x51fb15ca
  67. 510.1fd0: Machine: 0x8664 - amd64
  68. 510.1fd0: Timestamp: 0x51fb15ca
  69. 510.1fd0: Image Version: 6.1
  70. 510.1fd0: SizeOfImage: 0x50000 (327680)
  71. 510.1fd0: Resource Dir: 0x30000 LB 0x3f8
  72. 510.1fd0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  73. 510.1fd0: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
  74. 510.1fd0: ProductName: Microsoft® Windows® Operating System
  75. 510.1fd0: ProductVersion: 6.1.7601.18229
  76. 510.1fd0: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
  77. 510.1fd0: FileDescription: ApiSet Schema DLL
  78. 510.1fd0: supR3HardenedWinFindAdversaries: 0x88
  79. 510.1fd0: \SystemRoot\System32\drivers\tmcomm.sys:
  80. 510.1fd0: CreationTime: 2017-04-13T02:38:07.967000100Z
  81. 510.1fd0: LastWriteTime: 2016-08-22T19:20:54.000000000Z
  82. 510.1fd0: ChangeTime: 2017-04-13T02:44:35.055140200Z
  83. 510.1fd0: FileAttributes: 0x20
  84. 510.1fd0: Size: 0x512e0
  85. 510.1fd0: NT Headers: 0xe8
  86. 510.1fd0: Timestamp: 0x57a30a7f
  87. 510.1fd0: Machine: 0x8664 - amd64
  88. 510.1fd0: Timestamp: 0x57a30a7f
  89. 510.1fd0: Image Version: 6.0
  90. 510.1fd0: SizeOfImage: 0x52000 (335872)
  91. 510.1fd0: Resource Dir: 0x50000 LB 0x758
  92. 510.1fd0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  93. 510.1fd0: [Raw version resource data: 0x50060 LB 0x6f8, codepage 0x0 (reserved 0x0)]
  94. 510.1fd0: ProductName: Trend Micro Eyes
  95. 510.1fd0: ProductVersion: 6.70
  96. 510.1fd0: FileVersion: 6.70.0.1098
  97. 510.1fd0: SpecialBuild: 1098
  98. 510.1fd0: PrivateBuild: Build 1098 - 8/4/2016
  99. 510.1fd0: FileDescription: TrendMicro Common Module
  100. 510.1fd0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  101. 510.1fd0: CreationTime: 2018-04-06T14:09:49.814773500Z
  102. 510.1fd0: LastWriteTime: 2018-04-16T03:50:05.507809600Z
  103. 510.1fd0: ChangeTime: 2018-04-16T03:50:05.710821200Z
  104. 510.1fd0: FileAttributes: 0x20
  105. 510.1fd0: Size: 0x3dee0
  106. 510.1fd0: NT Headers: 0x110
  107. 510.1fd0: Timestamp: 0x5aa00b51
  108. 510.1fd0: Machine: 0x8664 - amd64
  109. 510.1fd0: Timestamp: 0x5aa00b51
  110. 510.1fd0: Image Version: 6.3
  111. 510.1fd0: SizeOfImage: 0x40000 (262144)
  112. 510.1fd0: Resource Dir: 0x3e000 LB 0x3b8
  113. 510.1fd0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  114. 510.1fd0: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
  115. 510.1fd0: ProductName: Malwarebytes SwissArmy
  116. 510.1fd0: ProductVersion: 4.2.0.150
  117. 510.1fd0: FileVersion: 4.2.0.150
  118. 510.1fd0: FileDescription: Malwarebytes SwissArmy
  119. 510.1fd0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\apps\virtualbox'
  120. 510.1fd0: Calling main()
  121. 510.1fd0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  122. 510.1fd0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\apps\virtualbox'
  123. 510.1fd0: SUPR3HardenedMain: Respawn #1
  124. 510.1fd0: System32: \Device\HarddiskVolume2\Windows\System32
  125. 510.1fd0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
  126. 510.1fd0: KnownDllPath: C:\Windows\system32
  127. 510.1fd0: '\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe' has no imports
  128. 510.1fd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe)
  129. 510.1fd0: supR3HardNtEnableThreadCreation:
  130. 510.1fd0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077adc340 pvNtTerminateThread=0000000077b017e0
  131. 510.1fd0: supR3HardenedWinDoReSpawn(1): New child 1890.d3c [kernel32].
  132. 510.1fd0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
  133. 510.1fd0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077ab0000 uNtDllChildAddr=0000000077ab0000
  134. 510.1fd0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077adc340
  135. 510.1fd0: supR3HardenedWinSetupChildInit: Start child.
  136. 510.1fd0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  137. 510.1fd0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 60 sleeps
  138. 510.1fd0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  139. 510.1fd0: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
  140. 510.1fd0: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
  141. 510.1fd0: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
  142. 510.1fd0: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
  143. 510.1fd0: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
  144. 510.1fd0: 0000000000041000-000000000015ffff 0x0001/0x0000 0x0000000
  145. 510.1fd0: *0000000000160000-000000000025bfff 0x0000/0x0004 0x0020000
  146. 510.1fd0: 000000000025c000-000000000025dfff 0x0104/0x0004 0x0020000
  147. 510.1fd0: 000000000025e000-000000000025ffff 0x0004/0x0004 0x0020000
  148. 510.1fd0: 0000000000260000-0000000077aaffff 0x0001/0x0000 0x0000000
  149. 510.1fd0: *0000000077ab0000-0000000077ab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  150. 510.1fd0: 0000000077ab1000-0000000077bb2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  151. 510.1fd0: 0000000077bb3000-0000000077be1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  152. 510.1fd0: 0000000077be2000-0000000077be9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  153. 510.1fd0: 0000000077bea000-0000000077beafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  154. 510.1fd0: 0000000077beb000-0000000077bedfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  155. 510.1fd0: 0000000077bee000-0000000077c58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  156. 510.1fd0: 0000000077c59000-000000007efdffff 0x0001/0x0000 0x0000000
  157. 510.1fd0: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
  158. 510.1fd0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  159. 510.1fd0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
  160. 510.1fd0: 000000007fff0000-000000013f18ffff 0x0001/0x0000 0x0000000
  161. 510.1fd0: *000000013f190000-000000013f190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  162. 510.1fd0: 000000013f191000-000000013f201fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  163. 510.1fd0: 000000013f202000-000000013f202fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  164. 510.1fd0: 000000013f203000-000000013f248fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  165. 510.1fd0: 000000013f249000-000000013f249fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  166. 510.1fd0: 000000013f24a000-000000013f24afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  167. 510.1fd0: 000000013f24b000-000000013f24ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  168. 510.1fd0: 000000013f250000-000000013f250fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  169. 510.1fd0: 000000013f251000-000000013f251fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  170. 510.1fd0: 000000013f252000-000000013f255fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  171. 510.1fd0: 000000013f256000-000000013f29dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  172. 510.1fd0: 000000013f29e000-000007feffdcffff 0x0001/0x0000 0x0000000
  173. 510.1fd0: *000007feffdd0000-000007feffdd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
  174. 510.1fd0: 000007feffdd1000-000007fffffaffff 0x0001/0x0000 0x0000000
  175. 510.1fd0: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
  176. 510.1fd0: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
  177. 510.1fd0: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
  178. 510.1fd0: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
  179. 510.1fd0: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
  180. 510.1fd0: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
  181. 510.1fd0: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
  182. 510.1fd0: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
  183. 510.1fd0: '\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe' has no imports
  184. 510.1fd0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
  185. 510.1fd0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  186. 510.1fd0: supR3HardNtChildPurify: Done after 577 ms and 0 fixes (loop #0).
  187. 1890.d3c: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
  188. 1890.d3c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077ab0000 g_uNtVerCombined=0x611db100
  189. 1890.d3c: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
  190. 1890.d3c: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
  191. 510.1fd0: supR3HardNtEnableThreadCreation:
  192. 1890.d3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\apps\virtualbox'
  193. 1890.d3c: System32: \Device\HarddiskVolume2\Windows\System32
  194. 1890.d3c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
  195. 1890.d3c: KnownDllPath: C:\Windows\system32
  196. 1890.d3c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  197. 1890.d3c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  198. 1890.d3c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  199. 1890.d3c: Registered Dll notification callback with NTDLL.
  200. 1890.d3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
  201. 1890.d3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  202. 1890.d3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  203. 1890.d3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  204. 1890.d3c: supR3HardenedDllNotificationCallback: load 0000000077990000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
  205. 1890.d3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  206. 1890.d3c: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
  207. 1890.d3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
  208. 1890.d3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  209. 1890.d3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\kernel32.dll'
  210. 1890.d3c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077adc340 pvNtTerminateThread=0000000077b017e0
  211. 510.1fd0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.
  212. 1890.d3c: \SystemRoot\System32\ntdll.dll:
  213. 1890.d3c: CreationTime: 2014-07-29T15:15:12.093598700Z
  214. 1890.d3c: LastWriteTime: 2013-08-29T02:16:35.515578900Z
  215. 1890.d3c: ChangeTime: 2014-07-29T15:42:24.768970900Z
  216. 1890.d3c: FileAttributes: 0x20
  217. 1890.d3c: Size: 0x1a6dc0
  218. 1890.d3c: NT Headers: 0xe0
  219. 1890.d3c: Timestamp: 0x521eaf24
  220. 1890.d3c: Machine: 0x8664 - amd64
  221. 1890.d3c: Timestamp: 0x521eaf24
  222. 1890.d3c: Image Version: 6.1
  223. 1890.d3c: SizeOfImage: 0x1a9000 (1740800)
  224. 1890.d3c: Resource Dir: 0x151000 LB 0x560d8
  225. 1890.d3c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  226. 1890.d3c: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  227. 1890.d3c: ProductName: Microsoft® Windows® Operating System
  228. 1890.d3c: ProductVersion: 6.1.7601.18247
  229. 1890.d3c: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
  230. 1890.d3c: FileDescription: NT Layer DLL
  231. 1890.d3c: \SystemRoot\System32\kernel32.dll:
  232. 1890.d3c: CreationTime: 2014-07-29T15:11:12.789178400Z
  233. 1890.d3c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  234. 1890.d3c: ChangeTime: 2014-07-29T15:42:24.035769600Z
  235. 1890.d3c: FileAttributes: 0x20
  236. 1890.d3c: Size: 0x11c000
  237. 1890.d3c: NT Headers: 0xe8
  238. 1890.d3c: Timestamp: 0x5315a059
  239. 1890.d3c: Machine: 0x8664 - amd64
  240. 1890.d3c: Timestamp: 0x5315a059
  241. 1890.d3c: Image Version: 6.1
  242. 1890.d3c: SizeOfImage: 0x11f000 (1175552)
  243. 1890.d3c: Resource Dir: 0x116000 LB 0x528
  244. 1890.d3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  245. 1890.d3c: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  246. 1890.d3c: ProductName: Microsoft® Windows® Operating System
  247. 1890.d3c: ProductVersion: 6.1.7601.18409
  248. 1890.d3c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  249. 1890.d3c: FileDescription: Windows NT BASE API Client DLL
  250. 1890.d3c: \SystemRoot\System32\KernelBase.dll:
  251. 1890.d3c: CreationTime: 2014-07-29T15:50:33.070665800Z
  252. 1890.d3c: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  253. 1890.d3c: ChangeTime: 2014-07-29T15:55:55.374432100Z
  254. 1890.d3c: FileAttributes: 0x20
  255. 1890.d3c: Size: 0x67c00
  256. 1890.d3c: NT Headers: 0xe8
  257. 1890.d3c: Timestamp: 0x5315a05a
  258. 1890.d3c: Machine: 0x8664 - amd64
  259. 1890.d3c: Timestamp: 0x5315a05a
  260. 1890.d3c: Image Version: 6.1
  261. 1890.d3c: SizeOfImage: 0x6c000 (442368)
  262. 1890.d3c: Resource Dir: 0x6a000 LB 0x530
  263. 1890.d3c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  264. 1890.d3c: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
  265. 1890.d3c: ProductName: Microsoft® Windows® Operating System
  266. 1890.d3c: ProductVersion: 6.1.7601.18409
  267. 1890.d3c: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  268. 1890.d3c: FileDescription: Windows NT BASE API Client DLL
  269. 1890.d3c: \SystemRoot\System32\apisetschema.dll:
  270. 1890.d3c: CreationTime: 2014-07-29T15:14:28.210721700Z
  271. 1890.d3c: LastWriteTime: 2013-08-02T02:12:20.275000000Z
  272. 1890.d3c: ChangeTime: 2014-07-29T15:42:25.455372100Z
  273. 1890.d3c: FileAttributes: 0x20
  274. 1890.d3c: Size: 0x1a00
  275. 1890.d3c: NT Headers: 0xc0
  276. 1890.d3c: Timestamp: 0x51fb15ca
  277. 1890.d3c: Machine: 0x8664 - amd64
  278. 1890.d3c: Timestamp: 0x51fb15ca
  279. 1890.d3c: Image Version: 6.1
  280. 1890.d3c: SizeOfImage: 0x50000 (327680)
  281. 1890.d3c: Resource Dir: 0x30000 LB 0x3f8
  282. 1890.d3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  283. 1890.d3c: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
  284. 1890.d3c: ProductName: Microsoft® Windows® Operating System
  285. 1890.d3c: ProductVersion: 6.1.7601.18229
  286. 1890.d3c: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
  287. 1890.d3c: FileDescription: ApiSet Schema DLL
  288. 1890.d3c: supR3HardenedWinFindAdversaries: 0x88
  289. 1890.d3c: \SystemRoot\System32\drivers\tmcomm.sys:
  290. 1890.d3c: CreationTime: 2017-04-13T02:38:07.967000100Z
  291. 1890.d3c: LastWriteTime: 2016-08-22T19:20:54.000000000Z
  292. 1890.d3c: ChangeTime: 2017-04-13T02:44:35.055140200Z
  293. 1890.d3c: FileAttributes: 0x20
  294. 1890.d3c: Size: 0x512e0
  295. 1890.d3c: NT Headers: 0xe8
  296. 1890.d3c: Timestamp: 0x57a30a7f
  297. 1890.d3c: Machine: 0x8664 - amd64
  298. 1890.d3c: Timestamp: 0x57a30a7f
  299. 1890.d3c: Image Version: 6.0
  300. 1890.d3c: SizeOfImage: 0x52000 (335872)
  301. 1890.d3c: Resource Dir: 0x50000 LB 0x758
  302. 1890.d3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  303. 1890.d3c: [Raw version resource data: 0x50060 LB 0x6f8, codepage 0x0 (reserved 0x0)]
  304. 1890.d3c: ProductName: Trend Micro Eyes
  305. 1890.d3c: ProductVersion: 6.70
  306. 1890.d3c: FileVersion: 6.70.0.1098
  307. 1890.d3c: SpecialBuild: 1098
  308. 1890.d3c: PrivateBuild: Build 1098 - 8/4/2016
  309. 1890.d3c: FileDescription: TrendMicro Common Module
  310. 1890.d3c: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  311. 1890.d3c: CreationTime: 2018-04-06T14:09:49.814773500Z
  312. 1890.d3c: LastWriteTime: 2018-04-16T03:50:05.507809600Z
  313. 1890.d3c: ChangeTime: 2018-04-16T03:50:05.710821200Z
  314. 1890.d3c: FileAttributes: 0x20
  315. 1890.d3c: Size: 0x3dee0
  316. 1890.d3c: NT Headers: 0x110
  317. 1890.d3c: Timestamp: 0x5aa00b51
  318. 1890.d3c: Machine: 0x8664 - amd64
  319. 1890.d3c: Timestamp: 0x5aa00b51
  320. 1890.d3c: Image Version: 6.3
  321. 1890.d3c: SizeOfImage: 0x40000 (262144)
  322. 1890.d3c: Resource Dir: 0x3e000 LB 0x3b8
  323. 1890.d3c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  324. 1890.d3c: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
  325. 1890.d3c: ProductName: Malwarebytes SwissArmy
  326. 1890.d3c: ProductVersion: 4.2.0.150
  327. 1890.d3c: FileVersion: 4.2.0.150
  328. 1890.d3c: FileDescription: Malwarebytes SwissArmy
  329. 1890.d3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\apps\virtualbox'
  330. 1890.d3c: Calling main()
  331. 1890.d3c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  332. 1890.d3c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\apps\virtualbox'
  333. 1890.d3c: '\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe' has no imports
  334. 1890.d3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe)
  335. 1890.d3c: SUPR3HardenedMain: Respawn #2
  336. 1890.d3c: supR3HardNtEnableThreadCreation:
  337. 1890.d3c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
  338. 1890.d3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
  339. 1890.d3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  340. 1890.d3c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  341. 1890.d3c: supR3HardenedDllNotificationCallback: load 000007fefd7b0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
  342. 1890.d3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  343. 1890.d3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\Windows\system32\apphelp.dll'
  344. 1890.d3c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077adc340 pvNtTerminateThread=0000000077b017e0
  345. 1890.d3c: supR3HardenedWinDoReSpawn(2): New child 1db4.1c50 [kernel32].
  346. 1890.d3c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
  347. 1890.d3c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077ab0000 uNtDllChildAddr=0000000077ab0000
  348. 1890.d3c: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077adc340
  349. 1890.d3c: supR3HardenedWinSetupChildInit: Start child.
  350. 1890.d3c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  351. 1890.d3c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
  352. 1890.d3c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  353. 1890.d3c: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
  354. 1890.d3c: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
  355. 1890.d3c: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
  356. 1890.d3c: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
  357. 1890.d3c: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
  358. 1890.d3c: 0000000000041000-000000000014ffff 0x0001/0x0000 0x0000000
  359. 1890.d3c: *0000000000150000-000000000024bfff 0x0000/0x0004 0x0020000
  360. 1890.d3c: 000000000024c000-000000000024dfff 0x0104/0x0004 0x0020000
  361. 1890.d3c: 000000000024e000-000000000024ffff 0x0004/0x0004 0x0020000
  362. 1890.d3c: 0000000000250000-0000000077aaffff 0x0001/0x0000 0x0000000
  363. 1890.d3c: *0000000077ab0000-0000000077ab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  364. 1890.d3c: 0000000077ab1000-0000000077bb2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  365. 1890.d3c: 0000000077bb3000-0000000077be1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  366. 1890.d3c: 0000000077be2000-0000000077be9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  367. 1890.d3c: 0000000077bea000-0000000077beafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  368. 1890.d3c: 0000000077beb000-0000000077bedfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  369. 1890.d3c: 0000000077bee000-0000000077c58fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  370. 1890.d3c: 0000000077c59000-000000007efdffff 0x0001/0x0000 0x0000000
  371. 1890.d3c: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
  372. 1890.d3c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
  373. 1890.d3c: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
  374. 1890.d3c: 000000007fff0000-000000013f18ffff 0x0001/0x0000 0x0000000
  375. 1890.d3c: *000000013f190000-000000013f190fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  376. 1890.d3c: 000000013f191000-000000013f201fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  377. 1890.d3c: 000000013f202000-000000013f202fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  378. 1890.d3c: 000000013f203000-000000013f248fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  379. 1890.d3c: 000000013f249000-000000013f249fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  380. 1890.d3c: 000000013f24a000-000000013f24afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  381. 1890.d3c: 000000013f24b000-000000013f24ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  382. 1890.d3c: 000000013f250000-000000013f250fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  383. 1890.d3c: 000000013f251000-000000013f251fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  384. 1890.d3c: 000000013f252000-000000013f255fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  385. 1890.d3c: 000000013f256000-000000013f29dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe
  386. 1890.d3c: 000000013f29e000-000007feffdcffff 0x0001/0x0000 0x0000000
  387. 1890.d3c: *000007feffdd0000-000007feffdd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
  388. 1890.d3c: 000007feffdd1000-000007fffffaffff 0x0001/0x0000 0x0000000
  389. 1890.d3c: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
  390. 1890.d3c: 000007fffffd3000-000007fffffd9fff 0x0001/0x0000 0x0000000
  391. 1890.d3c: *000007fffffda000-000007fffffdafff 0x0004/0x0004 0x0020000
  392. 1890.d3c: 000007fffffdb000-000007fffffddfff 0x0001/0x0000 0x0000000
  393. 1890.d3c: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
  394. 1890.d3c: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
  395. 1890.d3c: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS)
  396. 1890.d3c: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
  397. 1890.d3c: '\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe' has no imports
  398. 1890.d3c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
  399. 1890.d3c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  400. 1890.d3c: supR3HardNtChildPurify: Done after 578 ms and 0 fixes (loop #0).
  401. 1db4.1c50: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
  402. 1db4.1c50: supR3HardenedVmProcessInit: uNtDllAddr=0000000077ab0000 g_uNtVerCombined=0x611db100
  403. 1890.d3c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
  404. 1890.d3c: supR3HardNtEnableThreadCreation:
  405. 1db4.1c50: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS)
  406. 1db4.1c50: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
  407. 1db4.1c50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\apps\virtualbox'
  408. 1db4.1c50: System32: \Device\HarddiskVolume2\Windows\System32
  409. 1db4.1c50: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
  410. 1db4.1c50: KnownDllPath: C:\Windows\system32
  411. 1db4.1c50: supR3HardenedVmProcessInit: Opening vboxdrv...
  412. 1db4.1c50: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  413. 1db4.1c50: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  414. 1db4.1c50: Registered Dll notification callback with NTDLL.
  415. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
  416. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  417. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  418. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  419. 1db4.1c50: supR3HardenedDllNotificationCallback: load 0000000077990000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
  420. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  421. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
  422. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
  423. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  424. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\kernel32.dll'
  425. 1db4.1c50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077adc340 pvNtTerminateThread=0000000077b017e0
  426. 1890.d3c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 94 ms.
  427. 1db4.1c50: \SystemRoot\System32\ntdll.dll:
  428. 1db4.1c50: CreationTime: 2014-07-29T15:15:12.093598700Z
  429. 1db4.1c50: LastWriteTime: 2013-08-29T02:16:35.515578900Z
  430. 1db4.1c50: ChangeTime: 2014-07-29T15:42:24.768970900Z
  431. 1db4.1c50: FileAttributes: 0x20
  432. 1db4.1c50: Size: 0x1a6dc0
  433. 1db4.1c50: NT Headers: 0xe0
  434. 1db4.1c50: Timestamp: 0x521eaf24
  435. 1db4.1c50: Machine: 0x8664 - amd64
  436. 1db4.1c50: Timestamp: 0x521eaf24
  437. 1db4.1c50: Image Version: 6.1
  438. 1db4.1c50: SizeOfImage: 0x1a9000 (1740800)
  439. 1db4.1c50: Resource Dir: 0x151000 LB 0x560d8
  440. 1db4.1c50: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
  441. 1db4.1c50: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
  442. 1db4.1c50: ProductName: Microsoft® Windows® Operating System
  443. 1db4.1c50: ProductVersion: 6.1.7601.18247
  444. 1db4.1c50: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
  445. 1db4.1c50: FileDescription: NT Layer DLL
  446. 1db4.1c50: \SystemRoot\System32\kernel32.dll:
  447. 1db4.1c50: CreationTime: 2014-07-29T15:11:12.789178400Z
  448. 1db4.1c50: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  449. 1db4.1c50: ChangeTime: 2014-07-29T15:42:24.035769600Z
  450. 1db4.1c50: FileAttributes: 0x20
  451. 1db4.1c50: Size: 0x11c000
  452. 1db4.1c50: NT Headers: 0xe8
  453. 1db4.1c50: Timestamp: 0x5315a059
  454. 1db4.1c50: Machine: 0x8664 - amd64
  455. 1db4.1c50: Timestamp: 0x5315a059
  456. 1db4.1c50: Image Version: 6.1
  457. 1db4.1c50: SizeOfImage: 0x11f000 (1175552)
  458. 1db4.1c50: Resource Dir: 0x116000 LB 0x528
  459. 1db4.1c50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  460. 1db4.1c50: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
  461. 1db4.1c50: ProductName: Microsoft® Windows® Operating System
  462. 1db4.1c50: ProductVersion: 6.1.7601.18409
  463. 1db4.1c50: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  464. 1db4.1c50: FileDescription: Windows NT BASE API Client DLL
  465. 1db4.1c50: \SystemRoot\System32\KernelBase.dll:
  466. 1db4.1c50: CreationTime: 2014-07-29T15:50:33.070665800Z
  467. 1db4.1c50: LastWriteTime: 2014-03-04T09:44:00.336000000Z
  468. 1db4.1c50: ChangeTime: 2014-07-29T15:55:55.374432100Z
  469. 1db4.1c50: FileAttributes: 0x20
  470. 1db4.1c50: Size: 0x67c00
  471. 1db4.1c50: NT Headers: 0xe8
  472. 1db4.1c50: Timestamp: 0x5315a05a
  473. 1db4.1c50: Machine: 0x8664 - amd64
  474. 1db4.1c50: Timestamp: 0x5315a05a
  475. 1db4.1c50: Image Version: 6.1
  476. 1db4.1c50: SizeOfImage: 0x6c000 (442368)
  477. 1db4.1c50: Resource Dir: 0x6a000 LB 0x530
  478. 1db4.1c50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
  479. 1db4.1c50: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
  480. 1db4.1c50: ProductName: Microsoft® Windows® Operating System
  481. 1db4.1c50: ProductVersion: 6.1.7601.18409
  482. 1db4.1c50: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144)
  483. 1db4.1c50: FileDescription: Windows NT BASE API Client DLL
  484. 1db4.1c50: \SystemRoot\System32\apisetschema.dll:
  485. 1db4.1c50: CreationTime: 2014-07-29T15:14:28.210721700Z
  486. 1db4.1c50: LastWriteTime: 2013-08-02T02:12:20.275000000Z
  487. 1db4.1c50: ChangeTime: 2014-07-29T15:42:25.455372100Z
  488. 1db4.1c50: FileAttributes: 0x20
  489. 1db4.1c50: Size: 0x1a00
  490. 1db4.1c50: NT Headers: 0xc0
  491. 1db4.1c50: Timestamp: 0x51fb15ca
  492. 1db4.1c50: Machine: 0x8664 - amd64
  493. 1db4.1c50: Timestamp: 0x51fb15ca
  494. 1db4.1c50: Image Version: 6.1
  495. 1db4.1c50: SizeOfImage: 0x50000 (327680)
  496. 1db4.1c50: Resource Dir: 0x30000 LB 0x3f8
  497. 1db4.1c50: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  498. 1db4.1c50: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
  499. 1db4.1c50: ProductName: Microsoft® Windows® Operating System
  500. 1db4.1c50: ProductVersion: 6.1.7601.18229
  501. 1db4.1c50: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533)
  502. 1db4.1c50: FileDescription: ApiSet Schema DLL
  503. 1db4.1c50: supR3HardenedWinFindAdversaries: 0x88
  504. 1db4.1c50: \SystemRoot\System32\drivers\tmcomm.sys:
  505. 1db4.1c50: CreationTime: 2017-04-13T02:38:07.967000100Z
  506. 1db4.1c50: LastWriteTime: 2016-08-22T19:20:54.000000000Z
  507. 1db4.1c50: ChangeTime: 2017-04-13T02:44:35.055140200Z
  508. 1db4.1c50: FileAttributes: 0x20
  509. 1db4.1c50: Size: 0x512e0
  510. 1db4.1c50: NT Headers: 0xe8
  511. 1db4.1c50: Timestamp: 0x57a30a7f
  512. 1db4.1c50: Machine: 0x8664 - amd64
  513. 1db4.1c50: Timestamp: 0x57a30a7f
  514. 1db4.1c50: Image Version: 6.0
  515. 1db4.1c50: SizeOfImage: 0x52000 (335872)
  516. 1db4.1c50: Resource Dir: 0x50000 LB 0x758
  517. 1db4.1c50: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  518. 1db4.1c50: [Raw version resource data: 0x50060 LB 0x6f8, codepage 0x0 (reserved 0x0)]
  519. 1db4.1c50: ProductName: Trend Micro Eyes
  520. 1db4.1c50: ProductVersion: 6.70
  521. 1db4.1c50: FileVersion: 6.70.0.1098
  522. 1db4.1c50: SpecialBuild: 1098
  523. 1db4.1c50: PrivateBuild: Build 1098 - 8/4/2016
  524. 1db4.1c50: FileDescription: TrendMicro Common Module
  525. 1db4.1c50: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  526. 1db4.1c50: CreationTime: 2018-04-06T14:09:49.814773500Z
  527. 1db4.1c50: LastWriteTime: 2018-04-16T03:50:05.507809600Z
  528. 1db4.1c50: ChangeTime: 2018-04-16T03:50:05.710821200Z
  529. 1db4.1c50: FileAttributes: 0x20
  530. 1db4.1c50: Size: 0x3dee0
  531. 1db4.1c50: NT Headers: 0x110
  532. 1db4.1c50: Timestamp: 0x5aa00b51
  533. 1db4.1c50: Machine: 0x8664 - amd64
  534. 1db4.1c50: Timestamp: 0x5aa00b51
  535. 1db4.1c50: Image Version: 6.3
  536. 1db4.1c50: SizeOfImage: 0x40000 (262144)
  537. 1db4.1c50: Resource Dir: 0x3e000 LB 0x3b8
  538. 1db4.1c50: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
  539. 1db4.1c50: [Raw version resource data: 0x3e060 LB 0x358, codepage 0x0 (reserved 0x0)]
  540. 1db4.1c50: ProductName: Malwarebytes SwissArmy
  541. 1db4.1c50: ProductVersion: 4.2.0.150
  542. 1db4.1c50: FileVersion: 4.2.0.150
  543. 1db4.1c50: FileDescription: Malwarebytes SwissArmy
  544. 1db4.1c50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume7\apps\virtualbox'
  545. 1db4.1c50: Calling main()
  546. 1db4.1c50: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  547. 1db4.1c50: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume7\apps\virtualbox'
  548. 1db4.1c50: '\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe' has no imports
  549. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.exe)
  550. 1db4.1c50: SUPR3HardenedMain: Final process, opening VBoxDrv...
  551. 1db4.1c50: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
  552. 1db4.1c50: supR3HardNtEnableThreadCreation:
  553. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll)
  554. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll
  555. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695020:C:\Windows\system32 [calling]
  556. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
  557. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feed6a0000 LB 0x00005000 E:\apps\virtualbox\VBoxSupLib.DLL [fFlags=0x0]
  558. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
  559. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
  560. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  561. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed6a0000 'E:\apps\virtualbox\VBoxSupLib.DLL'
  562. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
  563. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  564. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed6a0000 'E:\apps\virtualbox\VBoxSupLib.DLL'
  565. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed6a0000 'E:\apps\virtualbox\VBoxSupLib.DLL'
  566. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  567. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
  568. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
  569. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  570. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
  571. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  572. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  573. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  574. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
  575. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  576. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  577. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  578. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
  579. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
  580. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  581. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  582. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  583. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
  584. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
  585. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  586. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  587. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  588. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
  589. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  590. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  591. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  592. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  593. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  594. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  595. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  596. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695020:C:\Windows\system32 [calling]
  597. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  598. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
  599. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  600. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feff210000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
  601. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  602. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefda70000 LB 0x0016c000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
  603. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  604. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd8d0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
  605. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  606. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feffc90000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
  607. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  608. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\Windows\system32\Wintrust.dll'
  609. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
  610. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  611. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006da920:C:\Windows\system32 [calling]
  612. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  613. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
  614. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  615. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\bcrypt.dll'
  616. 1db4.1c50: bcrypt.dll loaded at 000007fefd210000, BCryptOpenAlgorithmProvider at 000007fefd212640, preloading providers:
  617. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  618. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
  619. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
  620. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
  621. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  622. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  623. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  624. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  625. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  626. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  627. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  628. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
  629. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  630. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  631. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  632. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  633. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  634. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  635. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  636. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  637. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  638. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefcd00000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
  639. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  640. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefde70000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
  641. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  642. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
  643. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
  644. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
  645. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
  646. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe110000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
  647. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  648. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd00000 'C:\Windows\system32\bcryptprimitives.dll'
  649. 1db4.1c50: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000006dd690)
  650. 1db4.1c50: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000006ddf20)
  651. 1db4.1c50: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000006de040)
  652. 1db4.1c50: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000006de250)
  653. 1db4.1c50: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000006de370)
  654. 1db4.1c50: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000006de490)
  655. 1db4.1c50: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000006de6d0)
  656. 1db4.1c50: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000006de7f0)
  657. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
  658. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  659. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  660. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  661. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  662. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  663. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  664. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  665. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  666. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  667. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd0c0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
  668. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  669. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\CRYPTSP.dll'
  670. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  671. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
  672. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
  673. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  674. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  675. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  676. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  677. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  678. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefcdc0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
  679. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  680. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdc0000 'C:\Windows\system32\rsaenh.dll'
  681. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  682. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  683. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  684. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
  685. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  686. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  687. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  688. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
  689. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  690. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\CRYPTBASE.dll'
  691. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  692. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  693. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\kernel32.dll'
  694. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  695. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  696. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\Windows\system32\WINTRUST.DLL'
  697. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  698. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  699. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\CRYPT32.dll'
  700. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  701. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
  702. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
  703. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
  704. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  705. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  706. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  707. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  708. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  709. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  710. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  711. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
  712. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe1a0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
  713. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
  714. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1a0000 'C:\Windows\system32\imagehlp.dll'
  715. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  716. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  717. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\CRYPTSP.dll'
  718. 1db4.1c50: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 ae 4d ef 8d ed db df fd 54 89 01 57 e8 03 00 00)
  719. 1db4.1c50: \Device\HarddiskVolume2\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32).
  720. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  721. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
  722. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
  723. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  724. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  725. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  726. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
  727. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
  728. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  729. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
  730. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
  731. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
  732. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
  733. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
  734. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
  735. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
  736. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  737. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  738. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  739. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
  740. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
  741. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  742. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  743. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
  744. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
  745. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
  746. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  747. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  748. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  749. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  750. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  751. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  752. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  753. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  754. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  755. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  756. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  757. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  758. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  759. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  760. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  761. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  762. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  763. 1db4.1c50: supR3HardenedDllNotificationCallback: load 0000000077890000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
  764. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  765. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe130000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
  766. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  767. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe470000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
  768. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
  769. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feff4c0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
  770. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
  771. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  772. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  773. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\gdi32.dll'
  774. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
  775. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  776. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
  777. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
  778. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
  779. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
  780. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
  781. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  782. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  783. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
  784. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
  785. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
  786. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
  787. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  788. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  789. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  790. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  791. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  792. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  793. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  794. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  795. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  796. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  797. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  798. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  799. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  800. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  801. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  802. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  803. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  804. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  805. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  806. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  807. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feff770000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
  808. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
  809. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefdd60000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
  810. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
  811. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff770000 'C:\Windows\system32\IMM32.DLL'
  812. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077890000 'C:\Windows\system32\USER32.dll'
  813. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
  814. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  815. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
  816. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
  817. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
  818. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  819. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  820. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  821. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  822. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  823. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  824. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  825. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  826. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  827. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  828. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
  829. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x0004d000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
  830. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
  831. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd240000 'C:\Windows\system32\ncrypt.dll'
  832. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  833. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  834. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\bcrypt.dll'
  835. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  836. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
  837. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
  838. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
  839. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
  840. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
  841. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
  842. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  843. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
  844. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
  845. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  846. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  847. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  848. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  849. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  850. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  851. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  852. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  853. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  854. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  855. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
  856. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefda50000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
  857. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
  858. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd8c0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
  859. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  860. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\USERENV.dll'
  861. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  862. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  863. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  864. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  865. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  866. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  867. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  868. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
  869. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
  870. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
  871. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  872. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  873. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  874. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  875. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  876. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  877. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  878. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  879. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefcb80000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
  880. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  881. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb80000 'C:\Windows\system32\GPAPI.dll'
  882. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  883. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  884. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-WIN-Service-Management-L1-1-0.dll'
  885. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  886. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  887. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc90000 'C:\Windows\system32\rpcrt4.dll'
  888. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  889. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  890. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-WIN-Service-Management-L2-1-0.dll'
  891. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  892. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  893. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  894. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  895. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
  896. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  897. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
  898. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
  899. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
  900. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
  901. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
  902. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  903. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
  904. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
  905. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  906. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  907. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  908. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  909. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  910. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  911. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  912. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  913. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  914. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  915. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  916. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  917. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  918. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  919. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefa690000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
  920. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  921. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe210000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
  922. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
  923. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  924. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  925. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  926. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  927. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  928. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  929. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  930. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  931. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  932. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  933. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  934. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  935. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  936. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  937. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  938. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  939. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  940. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  941. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  942. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  943. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  944. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  945. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  946. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  947. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  948. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  949. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  950. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  951. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  952. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  953. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  954. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  955. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  956. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  957. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
  958. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  959. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\profapi.dll'
  960. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  961. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  962. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
  963. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
  964. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  965. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  966. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  967. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  968. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  969. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  970. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
  971. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  972. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  973. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
  974. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  975. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
  976. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe270000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
  977. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
  978. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe270000 'C:\Windows\system32\SHLWAPI.dll'
  979. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  980. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000006d6b20
  981. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  982. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35
  983. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  984. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  985. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  986. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  987. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  988. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-WIN-Service-Management-L1-1-0.dll'
  989. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  990. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  991. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
  992. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
  993. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  994. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  995. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  996. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  997. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
  998. 1db4.1c50: supR3HardenedIsApiSetDll: '<NULL>' -> true
  999. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1000. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
  1001. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
  1002. 1db4.1c50: g_pfnWinVerifyTrust=000007fefd981010
  1003. 1db4.1c50: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  1004. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1005. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1006. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1007. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
  1008. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
  1009. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1010. 1db4.1c50: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
  1011. 1db4.1c50: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  1012. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
  1013. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1014. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1015. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
  1016. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
  1017. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1018. 1db4.1c50: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
  1019. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  1020. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1021. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1022. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
  1023. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
  1024. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1025. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
  1026. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
  1027. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1028. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1029. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
  1030. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
  1031. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1032. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
  1033. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
  1034. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1035. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1036. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
  1037. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
  1038. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1039. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
  1040. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
  1041. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1042. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1043. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
  1044. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
  1045. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1046. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
  1047. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
  1048. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1049. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1050. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
  1051. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
  1052. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1053. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
  1054. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
  1055. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1056. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1057. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
  1058. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
  1059. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1060. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
  1061. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
  1062. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1063. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1064. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79EA9CBEF21789D2261F797DD2A1624A054306AB
  1065. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2973337~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
  1066. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1067. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
  1068. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
  1069. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1070. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1071. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
  1072. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
  1073. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1074. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
  1075. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
  1076. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1077. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1078. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
  1079. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
  1080. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1081. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
  1082. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
  1083. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1084. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1085. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
  1086. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
  1087. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1088. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
  1089. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
  1090. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1091. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1092. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB
  1093. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
  1094. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1095. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
  1096. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1097. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1098. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1099. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9
  1100. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
  1101. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1102. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
  1103. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
  1104. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1105. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1106. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
  1107. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
  1108. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1109. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
  1110. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
  1111. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1112. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1113. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
  1114. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
  1115. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1116. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
  1117. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  1118. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1119. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1120. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
  1121. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
  1122. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1123. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
  1124. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
  1125. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  1126. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1127. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1128. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
  1129. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
  1130. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1131. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
  1132. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
  1133. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1134. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1135. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
  1136. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
  1137. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1138. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
  1139. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1140. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1141. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1142. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4
  1143. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
  1144. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1145. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
  1146. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
  1147. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  1148. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1149. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1150. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
  1151. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
  1152. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1153. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
  1154. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  1155. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1156. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1157. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
  1158. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
  1159. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1160. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
  1161. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
  1162. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1163. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1164. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
  1165. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
  1166. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1167. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
  1168. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1169. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1170. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1171. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12
  1172. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
  1173. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1174. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
  1175. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume7\apps\virtualbox\VBoxSupLib.dll'
  1176. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  1177. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1178. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1179. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089
  1180. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
  1181. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1182. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
  1183. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
  1184. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1185. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1186. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776
  1187. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
  1188. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1189. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
  1190. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1191. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028bf310:C:\Windows\system32 [calling]
  1192. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\crypt32.dll'
  1193. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1194. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
  1195. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xca2de669f55ba200 C=US, O=Symantec Corporation, CN=Symantec Root 2005 CA
  1196. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
  1197. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
  1198. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1199. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x6864e162ceb5d900 CN=UniversalADB
  1200. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
  1201. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x3423e6c7a208b400 O=Symantec Corporation, CN=Symantec Root CA
  1202. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xfa9d9f76947289ee CN=NGO
  1203. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1204. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa45b257adbbeb200 CN=127.0.0.1
  1205. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1206. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x722f7e828a308acb CN=libusb-win32 (WorldCup_Device.inf) [Self]
  1207. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
  1208. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
  1209. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
  1210. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
  1211. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
  1212. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
  1213. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
  1214. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
  1215. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
  1216. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
  1217. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
  1218. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
  1219. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
  1220. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
  1221. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
  1222. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
  1223. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
  1224. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
  1225. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
  1226. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
  1227. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
  1228. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
  1229. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
  1230. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
  1231. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
  1232. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
  1233. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
  1234. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
  1235. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
  1236. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
  1237. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
  1238. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
  1239. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
  1240. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
  1241. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
  1242. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
  1243. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
  1244. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
  1245. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
  1246. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
  1247. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
  1248. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
  1249. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
  1250. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
  1251. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
  1252. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
  1253. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
  1254. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
  1255. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
  1256. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
  1257. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
  1258. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
  1259. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
  1260. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
  1261. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
  1262. 1db4.1c50: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
  1263. 1db4.1c50: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=70
  1264. 1db4.1c50: SUPR3HardenedMain: Load Runtime...
  1265. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1266. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  1267. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  1268. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  1269. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll) WinVerifyTrust
  1270. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1271. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1272. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1273. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1274. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1275. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1276. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f8 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1277. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1278. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1279. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
  1280. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
  1281. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1282. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1283. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
  1284. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
  1285. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
  1286. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1287. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1288. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1289. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  1290. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll) WinVerifyTrust
  1291. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1292. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1293. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1294. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll) WinVerifyTrust
  1295. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1296. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1297. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1298. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1299. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  1300. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  1301. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
  1302. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1303. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1304. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
  1305. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
  1306. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1307. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
  1308. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
  1309. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1310. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1311. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  1312. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1313. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1314. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  1315. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000781d20:E:\apps\virtualbox;C:\Windows\system32 [calling]
  1316. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1317. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee6c60000 LB 0x00590000 E:\apps\virtualbox\VBoxRT.dll [fFlags=0x0]
  1318. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1319. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1320. 1db4.1c50: supR3HardenedDllNotificationCallback: load 0000000066480000 LB 0x000d2000 E:\apps\virtualbox\MSVCR100.dll [fFlags=0x0]
  1321. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1322. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1323. 1db4.1c50: supR3HardenedDllNotificationCallback: load 00000000663e0000 LB 0x00098000 E:\apps\virtualbox\MSVCP100.dll [fFlags=0x0]
  1324. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1325. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe1c0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
  1326. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1327. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe460000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
  1328. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
  1329. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1330. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1331. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1332. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1333. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1334. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1335. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1336. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1337. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1338. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1339. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1340. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1341. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1342. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1343. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1344. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1345. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1346. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1347. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1348. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1349. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1350. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1351. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1352. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1353. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1354. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1355. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1356. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1357. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1358. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1359. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1360. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1361. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1362. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1363. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1364. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1365. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1366. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1367. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1368. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1369. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1370. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1371. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1372. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxRT.dll
  1373. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000695c50:E:\apps\virtualbox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;E:\apps\Iridium Browser;C:\Program Files (x86)\Google\Chrome\Application;C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\ProgramData\Oracle\Java\javapath;C:\Program Files\Dell\DW WLAN Card;C:\Ruby-install\bin;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\Microsoft SQL Server\110\Tools\Binn;C:\Program Files\WIDCOMM\Bluetooth Software;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files (x86)\Windows Kits\8.1\Windows Performance Toolkit;E:\apps\CMake\bin;E:\apps\PDFtk\bin;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5;E:\apps\MySQL\MySQL Fabric 1.5 ^& MySQL Utilities 1.5\Doctrine extensions for PHP;C:\adb;E:\apps\Tesseract-OCR;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;E:\apps\NodeJS\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;E:\apps\python;E:\apps\Python\Scripts\;E:\apps\Python\;C:\Users\TouchOdeath\AppData\Roaming\npm [calling]
  1374. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1375. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1376. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1377. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c60000 'E:\apps\virtualbox\VBoxRT.dll'
  1378. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  1379. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d9530:C:\Windows\system32 [calling]
  1380. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\Windows\system32\Wintrust.dll'
  1381. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  1382. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000028d9530:C:\Windows\system32 [calling]
  1383. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\crypt32.dll'
  1384. 1db4.1c50: SUPR3HardenedMain: Load TrustedMain...
  1385. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
  1386. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  1387. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
  1388. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1389. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1390. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
  1391. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
  1392. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
  1393. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
  1394. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
  1395. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
  1396. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
  1397. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
  1398. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
  1399. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
  1400. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VirtualBox.dll) WinVerifyTrust
  1401. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.dll
  1402. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  1403. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  1404. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
  1405. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1406. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1407. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
  1408. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
  1409. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1410. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1411. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1412. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
  1413. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
  1414. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1415. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1416. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1417. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1418. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1419. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
  1420. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
  1421. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1422. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
  1423. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
  1424. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  1425. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
  1426. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
  1427. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
  1428. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1429. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1430. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1431. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
  1432. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1433. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1434. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
  1435. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
  1436. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1437. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1438. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
  1439. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
  1440. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
  1441. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
  1442. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1443. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1444. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1445. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
  1446. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1447. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1448. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D11B9B481EE916E64C94F8ECA71C2995A2999B7
  1449. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2980245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
  1450. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1451. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1452. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
  1453. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
  1454. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
  1455. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
  1456. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1457. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1458. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1459. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1460. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1461. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1462. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
  1463. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
  1464. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
  1465. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
  1466. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
  1467. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
  1468. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\Qt5OpenGLVBox.dll) WinVerifyTrust
  1469. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\Qt5OpenGLVBox.dll
  1470. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
  1471. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
  1472. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1473. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1474. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
  1475. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
  1476. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1477. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
  1478. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
  1479. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
  1480. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\Qt5PrintSupportVBox.dll) WinVerifyTrust
  1481. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\Qt5PrintSupportVBox.dll
  1482. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1483. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1484. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1485. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1486. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
  1487. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
  1488. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
  1489. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1490. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1491. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\Qt5WidgetsVBox.dll) WinVerifyTrust
  1492. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\Qt5WidgetsVBox.dll
  1493. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1494. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1495. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
  1496. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1497. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1498. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1499. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
  1500. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
  1501. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
  1502. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll) WinVerifyTrust
  1503. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1504. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1505. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1506. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  1507. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
  1508. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  1509. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  1510. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
  1511. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
  1512. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
  1513. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
  1514. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll) WinVerifyTrust
  1515. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1516. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1517. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1518. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1519. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1520. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1521. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1522. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  1523. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  1524. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1525. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1526. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1527. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1528. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1529. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
  1530. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
  1531. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1532. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1533. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1534. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1535. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
  1536. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
  1537. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
  1538. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
  1539. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1540. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1541. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1542. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
  1543. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
  1544. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
  1545. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1546. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1547. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
  1548. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
  1549. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1550. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1551. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1552. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
  1553. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  1554. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
  1555. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
  1556. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
  1557. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
  1558. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
  1559. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
  1560. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
  1561. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1562. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1563. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
  1564. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
  1565. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1566. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1567. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
  1568. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1569. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
  1570. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
  1571. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1572. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1573. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1574. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1575. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1576. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1577. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1578. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1579. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1580. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1581. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1582. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1583. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1584. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1585. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
  1586. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
  1587. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
  1588. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1589. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1590. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
  1591. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
  1592. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1593. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
  1594. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
  1595. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  1596. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  1597. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  1598. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1599. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1600. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  1601. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1602. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1603. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1604. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1605. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1606. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1607. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1608. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1609. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1610. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1611. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1612. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1613. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1614. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1615. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1616. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1617. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1618. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1619. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1620. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1621. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1622. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1623. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1624. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1625. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1626. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1627. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1628. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1629. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1630. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1631. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  1632. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  1633. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  1634. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1635. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1636. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1637. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1638. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1639. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1640. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1641. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1642. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1643. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1644. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1645. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1646. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1647. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1648. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1649. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  1650. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
  1651. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
  1652. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1653. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1654. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1655. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
  1656. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
  1657. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1658. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1659. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
  1660. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1661. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
  1662. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
  1663. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
  1664. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
  1665. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1666. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
  1667. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
  1668. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
  1669. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1670. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1671. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
  1672. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
  1673. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1674. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1675. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  1676. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  1677. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
  1678. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
  1679. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1680. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1681. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1682. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1683. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1684. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1685. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1686. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1687. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5WidgetsVBox.dll
  1688. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1689. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1690. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1691. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1692. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1693. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1694. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1695. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1696. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1697. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1698. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1699. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1700. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
  1701. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
  1702. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5WidgetsVBox.dll
  1703. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1704. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1705. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1706. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1707. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1708. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1709. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  1710. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1711. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1712. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1713. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1714. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1715. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1716. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
  1717. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1718. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1719. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1720. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1721. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1722. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1723. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1724. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1725. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1726. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1727. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1728. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1729. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  1730. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  1731. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1732. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1733. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1734. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1735. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1736. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1737. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1738. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1739. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1740. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1741. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1742. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  1743. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  1744. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1745. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
  1746. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
  1747. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
  1748. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1749. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1750. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A2FB6B10717AFC03CD9FE6E8F1337A8EA94BF9B
  1751. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2864058~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
  1752. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1753. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  1754. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1755. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1756. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
  1757. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
  1758. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1759. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1760. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
  1761. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1762. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1763. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  1764. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  1765. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  1766. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1767. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1768. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1769. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1770. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
  1771. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
  1772. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1773. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1774. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1775. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
  1776. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
  1777. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  1778. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1779. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1780. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
  1781. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
  1782. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1783. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1784. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1785. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  1786. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
  1787. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  1788. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  1789. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  1790. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
  1791. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1792. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1793. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
  1794. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
  1795. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1796. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
  1797. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
  1798. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
  1799. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  1800. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
  1801. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
  1802. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
  1803. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
  1804. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  1805. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1806. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1807. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
  1808. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
  1809. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
  1810. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1811. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1812. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F097BF0B081F54722F0A01EF1CC13AECA64B12F0
  1813. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
  1814. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1815. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1816. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
  1817. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1818. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
  1819. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
  1820. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1821. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1822. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1823. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1824. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1825. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1826. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1827. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1828. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1829. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1830. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
  1831. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
  1832. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
  1833. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1834. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1835. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
  1836. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
  1837. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1838. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1839. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
  1840. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
  1841. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
  1842. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  1843. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  1844. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1845. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1846. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1847. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1848. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1849. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1850. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1851. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1852. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1853. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  1854. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  1855. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  1856. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  1857. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  1858. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
  1859. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
  1860. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  1861. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  1862. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  1863. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  1864. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
  1865. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  1866. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1867. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1868. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1869. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1870. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1871. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1872. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1873. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1874. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1875. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1876. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1877. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1878. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1879. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1880. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  1881. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  1882. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1883. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1884. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
  1885. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
  1886. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  1887. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  1888. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  1889. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000781d20:E:\apps\virtualbox;C:\Windows\system32 [calling]
  1890. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.dll
  1891. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fed6410000 LB 0x00a06000 E:\apps\virtualbox\VirtualBox.dll [fFlags=0x0]
  1892. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VirtualBox.dll
  1893. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1894. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee74f0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
  1895. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
  1896. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
  1897. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee7b70000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
  1898. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
  1899. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
  1900. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee73f0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
  1901. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
  1902. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
  1903. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feed660000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
  1904. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
  1905. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feff590000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
  1906. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  1907. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd8e0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
  1908. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  1909. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
  1910. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  1911. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feff2b0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
  1912. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1913. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
  1914. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
  1915. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  1916. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefbc10000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
  1917. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  1918. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1919. 1db4.1c50: supR3HardenedDllNotificationCallback: load 0000000065ce0000 LB 0x00565000 E:\apps\virtualbox\Qt5CoreVBox.dll [fFlags=0x0]
  1920. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1921. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefe480000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
  1922. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  1923. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
  1924. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefc7c0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
  1925. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
  1926. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1927. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee6660000 LB 0x005f7000 E:\apps\virtualbox\Qt5GuiVBox.dll [fFlags=0x0]
  1928. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1929. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5WidgetsVBox.dll
  1930. 1db4.1c50: supR3HardenedDllNotificationCallback: load 0000000055a20000 LB 0x00561000 E:\apps\virtualbox\Qt5WidgetsVBox.dll [fFlags=0x0]
  1931. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5WidgetsVBox.dll
  1932. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5PrintSupportVBox.dll
  1933. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee7860000 LB 0x00051000 E:\apps\virtualbox\Qt5PrintSupportVBox.dll [fFlags=0x0]
  1934. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5PrintSupportVBox.dll
  1935. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
  1936. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefb950000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
  1937. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
  1938. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefdf50000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
  1939. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
  1940. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
  1941. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
  1942. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  1943. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll)
  1944. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
  1945. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee63d0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\COMCTL32.dll [fFlags=0x0]
  1946. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll [avoiding WinVerifyTrust]
  1947. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5OpenGLVBox.dll
  1948. 1db4.1c50: supR3HardenedDllNotificationCallback: load 0000000066380000 LB 0x00054000 E:\apps\virtualbox\Qt5OpenGLVBox.dll [fFlags=0x0]
  1949. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5OpenGLVBox.dll
  1950. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  1951. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fef75c0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
  1952. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  1953. 1db4.1c50: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll'.
  1954. 1db4.1c50: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll' [rescheduled]
  1955. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
  1956. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  1957. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  1958. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  1959. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  1960. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1961. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  1962. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f5250:E:\apps\virtualbox;C:\Windows\system32 [calling]
  1963. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff770000 'C:\Windows\system32\imm32.dll'
  1964. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.DLL'
  1965. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  1966. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  1967. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\cryptbase.dll'
  1968. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6410000 'E:\apps\virtualbox\VirtualBox.dll'
  1969. 1db4.1c50: SUPR3HardenedMain: Calling TrustedMain (000007fed64114f0)...
  1970. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  1971. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000781d20:E:\apps\virtualbox;C:\Windows\system32 [calling]
  1972. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2b0000 'C:\Windows\system32\ole32.dll'
  1973. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  1974. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
  1975. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000781d20:E:\apps\virtualbox;C:\Windows\system32 [calling]
  1976. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\profapi.dll'
  1977. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
  1978. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
  1979. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  1980. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
  1981. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
  1982. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  1983. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
  1984. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
  1985. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
  1986. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
  1987. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
  1988. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\platforms\qwindows.dll) WinVerifyTrust
  1989. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\platforms\qwindows.dll
  1990. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  1991. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  1992. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
  1993. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
  1994. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5CoreVBox.dll
  1995. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
  1996. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
  1997. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\Qt5GuiVBox.dll
  1998. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  1999. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2000. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
  2001. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
  2002. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  2003. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2004. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2005. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2006. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2007. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2008. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  2009. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
  2010. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
  2011. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
  2012. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2013. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2014. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2015. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2016. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  2017. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2018. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2019. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000781d20:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2020. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\platforms\qwindows.dll
  2021. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fee6530000 LB 0x0012e000 E:\apps\virtualbox\platforms\qwindows.dll [fFlags=0x0]
  2022. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\platforms\qwindows.dll
  2023. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6530000 'E:\apps\virtualbox\platforms\qwindows.dll'
  2024. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
  2025. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000781d20:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2026. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\CRYPTBASE.dll'
  2027. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000058c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2028. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2029. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2030. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
  2031. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
  2032. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2033. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2034. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  2035. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
  2036. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
  2037. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2038. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  2039. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  2040. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2041. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2042. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2043. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2044. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000737d00:C:\Windows\system32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2045. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2046. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefbfc0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
  2047. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2048. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\uxtheme.dll'
  2049. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2050. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000737d00:C:\Windows\system32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2051. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\uxtheme.dll'
  2052. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2053. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000737d00:C:\Windows\system32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2054. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\uxtheme.dll'
  2055. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2056. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000737d00:C:\Windows\system32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2057. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\uxtheme.dll'
  2058. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077890000 'C:\Windows\system32\user32.dll'
  2059. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  2060. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2061. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe480000 'C:\Windows\system32\shell32.dll'
  2062. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
  2063. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
  2064. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  2065. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2066. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  2067. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  2068. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2069. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  2070. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  2071. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2072. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe480000 'C:\Windows\system32\shell32.dll'
  2073. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
  2074. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2075. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\uxtheme.dll'
  2076. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\advapi32.dll'
  2077. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
  2078. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2079. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\userenv.dll'
  2080. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  2081. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2082. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077990000 'C:\Windows\system32\kernel32.dll'
  2083. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000594 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
  2084. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2085. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2086. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
  2087. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
  2088. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2089. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2090. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
  2091. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2092. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  2093. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  2094. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
  2095. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
  2096. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
  2097. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2098. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2099. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2100. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2101. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2102. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2103. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2104. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
  2105. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2106. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2107. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2108. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2109. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  2110. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2111. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2112. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  2113. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f53a0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2114. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
  2115. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefdff0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
  2116. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
  2117. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\CLBCatQ.DLL'
  2118. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  2119. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  2120. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f5640:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2121. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\CRYPTSP.dll'
  2122. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005dc pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
  2123. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2124. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2125. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
  2126. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
  2127. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2128. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
  2129. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
  2130. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
  2131. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2132. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2133. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000006f56b0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2134. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
  2135. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fefd810000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
  2136. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
  2137. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd810000 'C:\Windows\system32\RpcRtRemote.dll'
  2138. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2139. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2140. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2141. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  2142. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
  2143. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
  2144. 1db4.fec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxC.dll) WinVerifyTrust
  2145. 1db4.fec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxC.dll
  2146. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2147. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2148. 1db4.fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2149. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2150. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2151. 1db4.fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  2152. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2153. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2154. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2155. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2156. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2157. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2158. 1db4.fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  2159. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2160. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2161. 1db4.fec: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000738720:E:\apps\virtualbox;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2162. 1db4.fec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxC.dll
  2163. 1db4.fec: supR3HardenedDllNotificationCallback: load 000007fedc0c0000 LB 0x00545000 E:\apps\virtualbox\VBoxC.dll [fFlags=0x0]
  2164. 1db4.fec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxC.dll
  2165. 1db4.fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc0c0000 'E:\apps\virtualbox\VBoxC.dll'
  2166. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2167. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2168. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2169. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
  2170. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
  2171. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
  2172. 1db4.fec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  2173. 1db4.fec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxProxyStub.dll) WinVerifyTrust
  2174. 1db4.fec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxProxyStub.dll
  2175. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2176. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2177. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2178. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2179. 1db4.fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2180. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2181. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2182. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
  2183. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
  2184. 1db4.fec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  2185. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2186. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2187. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2188. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2189. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2190. 1db4.fec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2191. 1db4.fec: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007388d0:E:\apps\virtualbox;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2192. 1db4.fec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxProxyStub.dll
  2193. 1db4.fec: supR3HardenedDllNotificationCallback: load 000007fee6470000 LB 0x000ba000 E:\apps\virtualbox\VBoxProxyStub.dll [fFlags=0x0]
  2194. 1db4.fec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxProxyStub.dll
  2195. 1db4.fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6470000 'E:\apps\virtualbox\VBoxProxyStub.dll'
  2196. 1db4.fec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2197. 1db4.fec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007388d0:C:\Windows\system32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2198. 1db4.fec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\oleaut32.dll'
  2199. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  2200. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe130000 'C:\Windows\system32\gdi32.dll'
  2201. 1db4.7ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2202. 1db4.7ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2203. 1db4.7ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
  2204. 1db4.7ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
  2205. 1db4.7ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2206. 1db4.7ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2207. 1db4.7ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2208. 1db4.7ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2209. 1db4.7ec: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002f9f340:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2210. 1db4.7ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
  2211. 1db4.7ec: supR3HardenedDllNotificationCallback: load 000007fefc030000 LB 0x0000e000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
  2212. 1db4.7ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
  2213. 1db4.7ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc030000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
  2214. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
  2215. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003001d70:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2216. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe480000 'C:\Windows\system32\shell32.dll'
  2217. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
  2218. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e590:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2219. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc10000 'C:\Windows\system32\dwmapi.dll'
  2220. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  2221. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2b0000 'C:\Windows\system32\ole32.dll'
  2222. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2b0000 'C:\Windows\system32\ole32.dll'
  2223. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  2224. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e830:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2225. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\OLEAUT32.dll'
  2226. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000097c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
  2227. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2228. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2229. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
  2230. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
  2231. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2232. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2233. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
  2234. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  2235. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  2236. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
  2237. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
  2238. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
  2239. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
  2240. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2241. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2242. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  2243. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2244. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2245. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2246. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2247. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2248. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2249. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  2250. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  2251. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000980 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
  2252. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2253. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2254. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
  2255. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
  2256. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2257. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2258. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
  2259. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
  2260. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2261. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
  2262. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
  2263. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
  2264. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2265. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2266. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2267. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2268. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  2269. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2270. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2271. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
  2272. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2273. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2274. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2275. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2276. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2277. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2278. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002930f40:C:\Windows\system32\wbem;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2279. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
  2280. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fef6b40000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
  2281. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
  2282. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
  2283. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fef6dc0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
  2284. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
  2285. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b40000 'C:\Windows\system32\wbem\wbemprox.dll'
  2286. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
  2287. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2288. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2289. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
  2290. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
  2291. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2292. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2293. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
  2294. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
  2295. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
  2296. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2297. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2298. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  2299. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2300. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2301. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002931080:C:\Windows\system32\wbem;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2302. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
  2303. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007feed4a0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
  2304. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
  2305. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed4a0000 'C:\Windows\system32\wbem\wbemsvc.dll'
  2306. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009ac pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
  2307. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2308. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2309. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
  2310. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
  2311. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2312. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2313. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
  2314. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
  2315. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
  2316. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  2317. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
  2318. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
  2319. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
  2320. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
  2321. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
  2322. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
  2323. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2324. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2325. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
  2326. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
  2327. 1db4.1c50: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2328. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2329. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
  2330. 1db4.1c50: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
  2331. 1db4.1c50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
  2332. 1db4.1c50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
  2333. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2334. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2335. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2336. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2337. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2338. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2339. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
  2340. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
  2341. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
  2342. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2343. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2344. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2345. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2346. 1db4.1c50: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  2347. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2348. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2349. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2350. 1db4.1c50: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2351. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002931080:C:\Windows\system32\wbem;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2352. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
  2353. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fef6b50000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
  2354. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
  2355. 1db4.1c50: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
  2356. 1db4.1c50: supR3HardenedDllNotificationCallback: load 000007fef6d50000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
  2357. 1db4.1c50: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
  2358. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b50000 'C:\Windows\system32\wbem\fastprox.dll'
  2359. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\OLEAUT32.dll'
  2360. 1db4.18d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2361. 1db4.18d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
  2362. 1db4.18d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2363. 1db4.18d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll) WinVerifyTrust
  2364. 1db4.18d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2365. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2366. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2367. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
  2368. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrem.dll' [rcNtRedir=0xc0150008]
  2369. 1db4.18d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
  2370. 1db4.18d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  2371. 1db4.18d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
  2372. 1db4.18d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxREM.dll) WinVerifyTrust
  2373. 1db4.18d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxREM.dll
  2374. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2375. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2376. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2377. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2378. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  2379. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  2380. 1db4.18d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2381. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2382. 1db4.18d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2383. 1db4.18d0: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2384. 1db4.18d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2385. 1db4.18d0: supR3HardenedDllNotificationCallback: load 000007fedab50000 LB 0x002c9000 E:\apps\virtualbox\VBoxVMM.DLL [fFlags=0x0]
  2386. 1db4.18d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2387. 1db4.18d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxREM.dll
  2388. 1db4.18d0: supR3HardenedDllNotificationCallback: load 0000000057430000 LB 0x0010b000 E:\apps\virtualbox\VBoxREM.dll [fFlags=0x0]
  2389. 1db4.18d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxREM.dll
  2390. 1db4.18d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedab50000 'E:\apps\virtualbox\VBoxVMM.DLL'
  2391. 1db4.1e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2392. 1db4.1e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  2393. 1db4.1e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2394. 1db4.1e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  2395. 1db4.1e00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxSharedClipboard.dll) WinVerifyTrust
  2396. 1db4.1e00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxSharedClipboard.dll
  2397. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2398. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2399. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2400. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2401. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  2402. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  2403. 1db4.1e00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2404. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2405. 1db4.1e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2406. 1db4.1e00: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8fbe0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2407. 1db4.1e00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSharedClipboard.dll
  2408. 1db4.1e00: supR3HardenedDllNotificationCallback: load 000007feed910000 LB 0x0000b000 E:\apps\virtualbox\VBoxSharedClipboard.DLL [fFlags=0x0]
  2409. 1db4.1e00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSharedClipboard.dll
  2410. 1db4.1e00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed910000 'E:\apps\virtualbox\VBoxSharedClipboard.DLL'
  2411. 1db4.1e00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077890000 'C:\Windows\system32\User32.dll'
  2412. 1db4.12cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2413. 1db4.12cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2414. 1db4.12cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2415. 1db4.12cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxDragAndDropSvc.dll) WinVerifyTrust
  2416. 1db4.12cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxDragAndDropSvc.dll
  2417. 1db4.12cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2418. 1db4.12cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2419. 1db4.12cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2420. 1db4.12cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2421. 1db4.12cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll
  2422. 1db4.12cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2423. 1db4.12cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2424. 1db4.12cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll
  2425. 1db4.12cc: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8fbe0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2426. 1db4.12cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDragAndDropSvc.dll
  2427. 1db4.12cc: supR3HardenedDllNotificationCallback: load 000007feed900000 LB 0x0000d000 E:\apps\virtualbox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
  2428. 1db4.12cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDragAndDropSvc.dll
  2429. 1db4.12cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed900000 'E:\apps\virtualbox\VBoxDragAndDropSvc.DLL'
  2430. 1db4.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2431. 1db4.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2432. 1db4.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2433. 1db4.560: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxGuestPropSvc.dll) WinVerifyTrust
  2434. 1db4.560: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxGuestPropSvc.dll
  2435. 1db4.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2436. 1db4.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2437. 1db4.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2438. 1db4.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2439. 1db4.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2440. 1db4.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2441. 1db4.560: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8fbe0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2442. 1db4.560: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxGuestPropSvc.dll
  2443. 1db4.560: supR3HardenedDllNotificationCallback: load 000007feed8f0000 LB 0x0000c000 E:\apps\virtualbox\VBoxGuestPropSvc.DLL [fFlags=0x0]
  2444. 1db4.560: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxGuestPropSvc.dll
  2445. 1db4.560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed8f0000 'E:\apps\virtualbox\VBoxGuestPropSvc.DLL'
  2446. 1db4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2447. 1db4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
  2448. 1db4.1954: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2449. 1db4.1954: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxGuestControlSvc.dll) WinVerifyTrust
  2450. 1db4.1954: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxGuestControlSvc.dll
  2451. 1db4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2452. 1db4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2453. 1db4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
  2454. 1db4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
  2455. 1db4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2456. 1db4.1954: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2457. 1db4.1954: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8fd30:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2458. 1db4.1954: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxGuestControlSvc.dll
  2459. 1db4.1954: supR3HardenedDllNotificationCallback: load 000007feed8e0000 LB 0x0000b000 E:\apps\virtualbox\VBoxGuestControlSvc.DLL [fFlags=0x0]
  2460. 1db4.1954: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxGuestControlSvc.dll
  2461. 1db4.1954: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed8e0000 'E:\apps\virtualbox\VBoxGuestControlSvc.DLL'
  2462. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe480000 'C:\Windows\system32\Shell32.dll'
  2463. 1db4.e4c: supR3HardenedIsApiSetDll: '<NULL>' -> true
  2464. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003d8fd30:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2465. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
  2466. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2467. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f080:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2468. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedab50000 'E:\apps\virtualbox\VBoxVMM.DLL'
  2469. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2470. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2471. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2472. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  2473. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  2474. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
  2475. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2476. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2477. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2478. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2479. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2480. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2481. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2482. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2483. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2484. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2485. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2486. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f080:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2487. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2488. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feeb310000 LB 0x00041000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
  2489. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2490. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb310000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
  2491. 1db4.e4c: supR3HardenedDllNotificationCallback: Unload 000007feeb310000 LB 0x00041000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
  2492. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2493. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  2494. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2495. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
  2496. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
  2497. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  2498. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
  2499. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
  2500. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
  2501. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
  2502. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxDD.dll) WinVerifyTrust
  2503. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxDD.dll
  2504. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
  2505. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
  2506. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bf4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2507. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2508. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2509. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
  2510. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
  2511. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2512. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2513. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
  2514. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
  2515. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
  2516. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
  2517. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2518. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2519. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2520. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
  2521. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2522. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2523. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  2524. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  2525. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  2526. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2527. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2528. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2529. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
  2530. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxdd2.dll' [rcNtRedir=0xc0150008]
  2531. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2532. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2533. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxDD2.dll) WinVerifyTrust
  2534. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxDD2.dll
  2535. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
  2536. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxddu.dll' [rcNtRedir=0xc0150008]
  2537. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2538. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2539. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2540. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
  2541. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
  2542. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxDDU.dll) WinVerifyTrust
  2543. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxDDU.dll
  2544. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2545. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2546. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  2547. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  2548. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2549. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2550. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2551. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2552. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2553. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  2554. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  2555. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2556. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2557. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2558. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2559. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2560. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2561. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2562. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2563. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2564. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2565. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2566. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2567. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2568. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
  2569. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
  2570. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be0 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
  2571. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2572. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2573. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
  2574. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
  2575. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2576. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2577. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  2578. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
  2579. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
  2580. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
  2581. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  2582. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  2583. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
  2584. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2585. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2586. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  2587. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  2588. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
  2589. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2590. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2591. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2592. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2593. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2594. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDD.dll
  2595. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fed57b0000 LB 0x009c3000 E:\apps\virtualbox\VBoxDD.DLL [fFlags=0x0]
  2596. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDD.dll
  2597. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDDU.dll
  2598. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee76d0000 LB 0x00063000 E:\apps\virtualbox\VBoxDDU.dll [fFlags=0x0]
  2599. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDDU.dll
  2600. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDD2.dll
  2601. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feeb300000 LB 0x0005d000 E:\apps\virtualbox\VBoxDD2.dll [fFlags=0x0]
  2602. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDD2.dll
  2603. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2604. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fefb3a0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
  2605. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2606. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
  2607. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fefb300000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
  2608. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
  2609. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed57b0000 'E:\apps\virtualbox\VBoxDD.DLL'
  2610. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2611. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2612. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2613. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee7be0000 LB 0x00041000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
  2614. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
  2615. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7be0000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
  2616. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxC.dll
  2617. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2618. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc0c0000 'E:\apps\virtualbox\VBoxC.DLL'
  2619. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxDD2.dll
  2620. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2621. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb300000 'E:\apps\virtualbox\VBoxDD2.DLL'
  2622. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2623. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2624. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
  2625. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
  2626. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2627. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2628. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2629. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2630. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2631. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
  2632. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feed8c0000 LB 0x0001f000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
  2633. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
  2634. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed8c0000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
  2635. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2636. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2637. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
  2638. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
  2639. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2640. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2641. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2642. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2643. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2644. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
  2645. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feeb2e0000 LB 0x00018000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
  2646. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
  2647. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb2e0000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
  2648. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2649. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2650. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
  2651. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  2652. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2653. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2654. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2655. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2656. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2657. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  2658. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feeb2c0000 LB 0x00018000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
  2659. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
  2660. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb2c0000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
  2661. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2662. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2663. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
  2664. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  2665. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2666. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2667. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2668. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2669. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2670. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  2671. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feeb250000 LB 0x00019000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
  2672. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
  2673. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb250000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
  2674. 1db4.1d4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2675. 1db4.1d4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
  2676. 1db4.1d4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
  2677. 1db4.1d4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\VBoxSharedFolders.dll) WinVerifyTrust
  2678. 1db4.1d4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\VBoxSharedFolders.dll
  2679. 1db4.1d4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2680. 1db4.1d4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2681. 1db4.1d4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
  2682. 1db4.1d4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
  2683. 1db4.1d4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxVMM.dll
  2684. 1db4.1d4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2685. 1db4.1d4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2686. 1db4.1d4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2687. 1db4.1d4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSharedFolders.dll
  2688. 1db4.1d4c: supR3HardenedDllNotificationCallback: load 000007feeb240000 LB 0x0000d000 E:\apps\virtualbox\VBoxSharedFolders.DLL [fFlags=0x0]
  2689. 1db4.1d4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\VBoxSharedFolders.dll
  2690. 1db4.1d4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb240000 'E:\apps\virtualbox\VBoxSharedFolders.DLL'
  2691. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
  2692. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
  2693. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
  2694. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
  2695. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
  2696. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
  2697. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  2698. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2699. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2700. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  2701. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2702. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2703. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2704. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2705. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
  2706. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
  2707. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
  2708. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume7\apps\virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
  2709. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2710. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  2711. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee6300000 LB 0x000cc000 E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
  2712. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume7\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
  2713. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6300000 'E:\apps\virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
  2714. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2715. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ea60:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2716. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3a0000 'C:\Windows\system32\Iphlpapi.dll'
  2717. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d44 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
  2718. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2719. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2720. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
  2721. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
  2722. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2723. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2724. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  2725. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  2726. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
  2727. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
  2728. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2729. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2730. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
  2731. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2732. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2733. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2734. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2735. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e7c0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2736. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
  2737. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fef8f30000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
  2738. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
  2739. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f30000 'C:\Windows\system32\dhcpcsvc6.DLL'
  2740. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2741. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e7c0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2742. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3a0000 'C:\Windows\system32\IPHLPAPI.DLL'
  2743. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
  2744. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2745. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2746. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
  2747. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
  2748. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2749. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2750. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  2751. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
  2752. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
  2753. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
  2754. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
  2755. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
  2756. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
  2757. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
  2758. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  2759. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  2760. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2761. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2762. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2763. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2764. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e7c0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2765. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
  2766. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fef8e00000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
  2767. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
  2768. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8e00000 'C:\Windows\system32\dhcpcsvc.DLL'
  2769. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
  2770. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e7c0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2771. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3a0000 'C:\Windows\system32\IPHLPAPI.DLL'
  2772. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dd8 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2773. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2774. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2775. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
  2776. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
  2777. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2778. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2779. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2780. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
  2781. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
  2782. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
  2783. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2784. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
  2785. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
  2786. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
  2787. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2788. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2789. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
  2790. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
  2791. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2792. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2793. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
  2794. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
  2795. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2796. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
  2797. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
  2798. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
  2799. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2800. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2801. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2802. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2803. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2804. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2805. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2806. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2807. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2808. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2809. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  2810. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  2811. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2812. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2813. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2814. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2815. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fa0df0:C:\Windows\System32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2816. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2817. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fefc040000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
  2818. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2819. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
  2820. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fefc170000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
  2821. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
  2822. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde70000 'C:\Windows\system32\ADVAPI32.dll'
  2823. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc040000 'C:\Windows\System32\MMDevApi.dll'
  2824. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2b0000 'C:\Windows\system32\ole32.dll'
  2825. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2826. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f080:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2827. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff590000 'C:\Windows\system32\SETUPAPI.dll'
  2828. 1db4.c88: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
  2829. 1db4.c88: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f080:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2830. 1db4.c88: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8e0000 'C:\Windows\system32\CFGMGR32.dll'
  2831. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
  2832. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2833. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2834. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
  2835. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
  2836. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2837. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2838. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  2839. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2840. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  2841. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
  2842. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
  2843. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
  2844. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
  2845. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
  2846. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
  2847. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e44 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
  2848. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2849. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2850. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
  2851. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
  2852. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2853. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2854. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
  2855. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
  2856. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
  2857. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
  2858. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2859. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2860. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  2861. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2862. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2863. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2864. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2865. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2866. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2867. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2868. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2869. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
  2870. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
  2871. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
  2872. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  2873. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  2874. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2875. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2876. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002fa0df0:C:\Windows\System32;E:\apps\virtualbox;C:\Windows\system32 [calling]
  2877. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  2878. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee7360000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
  2879. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  2880. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
  2881. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fefc090000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
  2882. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
  2883. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  2884. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2885. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\System32\dsound.dll'
  2886. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\System32\dsound.dll'
  2887. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  2888. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2889. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  2890. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
  2891. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2892. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe270000 'C:\Windows\system32\SHLWAPI.dll'
  2893. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2894. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2895. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc040000 'C:\Windows\system32\MMDEVAPI.DLL'
  2896. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2b0000 'C:\Windows\system32\ole32.dll'
  2897. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  2898. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2899. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  2900. 1db4.e4c: supR3HardenedIsApiSetDll: '<NULL>' -> true
  2901. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2902. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-WIN-Service-Management-L1-1-0.dll'
  2903. 1db4.e4c: supR3HardenedIsApiSetDll: '<NULL>' -> true
  2904. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2905. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe110000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
  2906. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc90000 'C:\Windows\system32\RPCRT4.dll'
  2907. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2908. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2909. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc040000 'C:\Windows\system32\MMDevAPI.DLL'
  2910. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2911. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2912. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2913. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
  2914. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
  2915. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2916. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2917. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2918. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  2919. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
  2920. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
  2921. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
  2922. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
  2923. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
  2924. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
  2925. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2926. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
  2927. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
  2928. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e7c pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
  2929. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2930. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2931. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
  2932. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
  2933. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2934. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
  2935. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
  2936. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  2937. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  2938. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  2939. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
  2940. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
  2941. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
  2942. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2943. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2944. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
  2945. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
  2946. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2947. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2948. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
  2949. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
  2950. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  2951. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  2952. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  2953. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  2954. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  2955. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  2956. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  2957. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  2958. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  2959. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2960. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2961. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  2962. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  2963. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2964. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2965. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee7a70000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
  2966. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2967. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
  2968. 1db4.e4c: supR3HardenedDllNotificationCallback: load 0000000071710000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
  2969. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
  2970. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
  2971. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fefbfb0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
  2972. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
  2973. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  2974. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2975. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2976. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  2977. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2978. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2979. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  2980. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2981. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2982. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  2983. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  2984. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  2985. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  2986. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea8 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
  2987. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  2988. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  2989. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B5BCEE9F60F75E176D19C778D9B6CD5DBEB84BB
  2990. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
  2991. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  2992. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  2993. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  2994. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
  2995. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
  2996. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
  2997. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
  2998. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
  2999. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
  3000. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
  3001. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  3002. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  3003. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  3004. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3005. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3006. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3007. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3008. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
  3009. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
  3010. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
  3011. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
  3012. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3013. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3014. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3015. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3016. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f1d0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3017. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
  3018. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feece80000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
  3019. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
  3020. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feece80000 'C:\Windows\system32\AUDIOSES.DLL'
  3021. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  3022. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3023. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  3024. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
  3025. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3026. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  3027. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a70000 'C:\Windows\system32\wdmaud.drv'
  3028. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e88 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3029. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  3030. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  3031. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
  3032. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
  3033. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3034. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3035. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  3036. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
  3037. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
  3038. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
  3039. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
  3040. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3041. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
  3042. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
  3043. 1db4.e4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
  3044. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
  3045. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
  3046. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb4 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
  3047. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  3048. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  3049. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
  3050. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
  3051. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3052. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3053. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
  3054. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
  3055. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
  3056. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
  3057. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
  3058. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
  3059. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3060. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3061. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3062. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3063. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3064. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3065. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3066. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3067. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
  3068. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
  3069. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3070. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3071. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
  3072. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
  3073. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3074. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3075. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3076. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3077. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007feeb210000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
  3078. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3079. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
  3080. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee7a50000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
  3081. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
  3082. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3083. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3084. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3085. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3086. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3087. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3088. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3089. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3090. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3091. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3092. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3093. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3094. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3095. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3096. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3097. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3098. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
  3099. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3100. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3101. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3102. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3103. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb210000 'C:\Windows\system32\msacm32.drv'
  3104. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e98 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
  3105. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  3106. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  3107. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
  3108. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
  3109. 1db4.e4c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3110. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3111. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
  3112. 1db4.e4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
  3113. 1db4.e4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
  3114. 1db4.e4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
  3115. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
  3116. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
  3117. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3118. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3119. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3120. 1db4.e4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3121. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3122. 1db4.e4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
  3123. 1db4.e4c: supR3HardenedDllNotificationCallback: load 000007fee7bd0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
  3124. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
  3125. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7bd0000 'C:\Windows\system32\midimap.dll'
  3126. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
  3127. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3128. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7bd0000 'C:\Windows\system32\midimap.dll'
  3129. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
  3130. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3131. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7bd0000 'C:\Windows\system32\midimap.dll'
  3132. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
  3133. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3134. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7bd0000 'C:\Windows\system32\midimap.dll'
  3135. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3136. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3137. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3138. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2b0000 'C:\Windows\system32\ole32.dll'
  3139. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3140. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  3141. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3142. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3143. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3144. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3145. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8f0f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3146. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3147. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3148. 1db4.18d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
  3149. 1db4.18d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8ed00:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3150. 1db4.18d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc80000 'C:\Windows\system32\OLEAUT32.dll'
  3151. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe480000 'C:\Windows\system32\shell32.dll'
  3152. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe480000 'C:\Windows\system32\shell32.dll'
  3153. 1db4.1c50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\WINMM.dll'
  3154. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3155. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3156. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3157. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3158. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3159. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3160. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3161. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3162. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3163. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3164. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3165. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3166. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3167. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3168. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3169. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3170. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3171. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3172. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3173. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3174. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3175. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3176. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3177. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3178. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3179. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3180. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3181. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3182. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3183. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3184. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3185. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  3186. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3187. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3188. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3189. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3190. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3191. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3192. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3193. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3194. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001040 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
  3195. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  3196. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  3197. 1db4.1f7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  3198. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e280:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3199. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\Windows\system32\WINTRUST.DLL'
  3200. 1db4.1f7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  3201. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000003d8e280:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3202. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\CRYPT32.dll'
  3203. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945
  3204. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\cryptnet.dll'
  3205. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
  3206. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3207. 1db4.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  3208. 1db4.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
  3209. 1db4.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
  3210. 1db4.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
  3211. 1db4.1f7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
  3212. 1db4.1f7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
  3213. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3214. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3215. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  3216. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  3217. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
  3218. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
  3219. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  3220. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  3221. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3222. 1db4.1f7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
  3223. 1db4.1f7c: supR3HardenedDllNotificationCallback: load 000007fefd060000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
  3224. 1db4.1f7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
  3225. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd060000 'C:\Windows\system32\mswsock.dll'
  3226. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001060 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
  3227. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006d6b20
  3228. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006d6b20
  3229. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
  3230. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
  3231. 1db4.1f7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  3232. 1db4.1f7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
  3233. 1db4.1f7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
  3234. 1db4.1f7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
  3235. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
  3236. 1db4.1f7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
  3237. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e2f0:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3238. 1db4.1f7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
  3239. 1db4.1f7c: supR3HardenedDllNotificationCallback: load 000007fefca80000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
  3240. 1db4.1f7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
  3241. 1db4.1f7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\Windows\System32\wshtcpip.dll'
  3242. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3243. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3244. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3245. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3246. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3247. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3248. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3249. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3250. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3251. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3252. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3253. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3254. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3255. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3256. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3257. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3258. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3259. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3260. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3261. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3262. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3263. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3264. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3265. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3266. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3267. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e280:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3268. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3269. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3270. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3271. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3272. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3273. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3274. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3275. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3276. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3277. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3278. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3279. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3280. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3281. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3282. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3283. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3284. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3285. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3286. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3287. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3288. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3289. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3290. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3291. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3292. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3293. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3294. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3295. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3296. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3297. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3298. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3299. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3300. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3301. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
  3302. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e750:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3303. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3304. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3305. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3306. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3307. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3308. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3309. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3310. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3311. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3312. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3313. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3314. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3315. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3316. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3317. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3318. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3319. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3320. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3321. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3322. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3323. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3324. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3325. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3326. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3327. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3328. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3329. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3330. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3331. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3332. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3333. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3334. 1db4.e4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
  3335. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003d8e280:E:\apps\virtualbox;C:\Windows\system32 [calling]
  3336. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3337. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3338. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3339. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3340. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3341. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3342. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3343. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3344. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3345. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3346. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3347. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
  3348. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7360000 'C:\Windows\system32\dsound.dll'
  3349. 1db4.e4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef75c0000 'C:\Windows\system32\winmm.dll'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!