VirtualBox

Ticket #16062: VBoxHardening.log

File VBoxHardening.log, 271.2 KB (added by LoneWanderer, 8 years ago)
Line 
1984.1214: Log file opened: 5.1.6r110634 g_hStartupLog=000000fc g_uNtVerCombined=0x611db110
2984.1214: \SystemRoot\System32\ntdll.dll:
3984.1214: CreationTime: 2016-09-04T06:14:46.672774900Z
4984.1214: LastWriteTime: 2016-09-04T06:14:46.677775100Z
5984.1214: ChangeTime: 2016-09-04T11:18:16.453577700Z
6984.1214: FileAttributes: 0x20
7984.1214: Size: 0x13ab88
8984.1214: NT Headers: 0xd0
9984.1214: Timestamp: 0x521ea91c
10984.1214: Machine: 0x14c - i386
11984.1214: Timestamp: 0x521ea91c
12984.1214: Image Version: 6.1
13984.1214: SizeOfImage: 0x13c000 (1294336)
14984.1214: Resource Dir: 0xe0000 LB 0x560d8
15984.1214: ProductName: Microsoft® Windows® Operating System
16984.1214: ProductVersion: 6.1.7601.18247
17984.1214: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
18984.1214: FileDescription: NT Layer DLL
19984.1214: \SystemRoot\System32\kernel32.dll:
20984.1214: CreationTime: 2016-09-04T06:12:47.120793300Z
21984.1214: LastWriteTime: 2016-09-04T06:12:47.120793300Z
22984.1214: ChangeTime: 2016-09-04T11:18:14.581574500Z
23984.1214: FileAttributes: 0x20
24984.1214: Size: 0xd4000
25984.1214: NT Headers: 0xf0
26984.1214: Timestamp: 0x503275b9
27984.1214: Machine: 0x14c - i386
28984.1214: Timestamp: 0x503275b9
29984.1214: Image Version: 6.1
30984.1214: SizeOfImage: 0xd4000 (868352)
31984.1214: Resource Dir: 0xc7000 LB 0x528
32984.1214: ProductName: Microsoft® Windows® Operating System
33984.1214: ProductVersion: 6.1.7601.17932
34984.1214: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419)
35984.1214: FileDescription: Windows NT BASE API Client DLL
36984.1214: \SystemRoot\System32\KernelBase.dll:
37984.1214: CreationTime: 2016-09-04T06:12:47.120793300Z
38984.1214: LastWriteTime: 2016-09-04T06:12:47.120793300Z
39984.1214: ChangeTime: 2016-09-04T11:18:14.643974600Z
40984.1214: FileAttributes: 0x20
41984.1214: Size: 0x47a00
42984.1214: NT Headers: 0xe0
43984.1214: Timestamp: 0x503275ba
44984.1214: Machine: 0x14c - i386
45984.1214: Timestamp: 0x503275ba
46984.1214: Image Version: 6.1
47984.1214: SizeOfImage: 0x4b000 (307200)
48984.1214: Resource Dir: 0x47000 LB 0x530
49984.1214: ProductName: Microsoft® Windows® Operating System
50984.1214: ProductVersion: 6.1.7601.17932
51984.1214: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419)
52984.1214: FileDescription: Windows NT BASE API Client DLL
53984.1214: \SystemRoot\System32\apisetschema.dll:
54984.1214: CreationTime: 2009-07-13T23:10:57.463372600Z
55984.1214: LastWriteTime: 2009-07-14T01:03:49.551000000Z
56984.1214: ChangeTime: 2016-09-03T11:31:35.226366800Z
57984.1214: FileAttributes: 0x20
58984.1214: Size: 0x1a00
59984.1214: NT Headers: 0xc0
60984.1214: Timestamp: 0x4a5bd9b5
61984.1214: Machine: 0x14c - i386
62984.1214: Timestamp: 0x4a5bd9b5
63984.1214: Image Version: 6.1
64984.1214: SizeOfImage: 0x50000 (327680)
65984.1214: Resource Dir: 0x30000 LB 0x3f0
66984.1214: ProductName: Microsoft® Windows® Operating System
67984.1214: ProductVersion: 6.1.7600.16385
68984.1214: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
69984.1214: FileDescription: ApiSet Schema DLL
70984.1214: supR3HardenedWinFindAdversaries: 0x80
71984.1214: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
72984.1214: CreationTime: 2016-08-29T10:06:47.906149200Z
73984.1214: LastWriteTime: 2016-10-12T11:35:25.774634500Z
74984.1214: ChangeTime: 2016-10-12T11:35:25.774634500Z
75984.1214: FileAttributes: 0x20
76984.1214: Size: 0x298d8
77984.1214: NT Headers: 0xd0
78984.1214: Timestamp: 0x55b855c7
79984.1214: Machine: 0x14c - i386
80984.1214: Timestamp: 0x55b855c7
81984.1214: Image Version: 6.1
82984.1214: SizeOfImage: 0x2d000 (184320)
83984.1214: Resource Dir: 0x2a000 LB 0x3b8
84984.1214: ProductName: Malwarebytes Anti-Malware
85984.1214: ProductVersion: 0.3.0.0
86984.1214: FileVersion: 0.3.0.0
87984.1214: FileDescription: Malwarebytes Anti-Malware
88984.1214: \SystemRoot\System32\drivers\mwac.sys:
89984.1214: CreationTime: 2016-08-29T10:06:09.598866400Z
90984.1214: LastWriteTime: 2016-03-10T07:09:04.000000000Z
91984.1214: ChangeTime: 2016-08-29T10:06:09.614466400Z
92984.1214: FileAttributes: 0x20
93984.1214: Size: 0xcf80
94984.1214: NT Headers: 0xe0
95984.1214: Timestamp: 0x53a0f41c
96984.1214: Machine: 0x14c - i386
97984.1214: Timestamp: 0x53a0f41c
98984.1214: Image Version: 6.2
99984.1214: SizeOfImage: 0xf000 (61440)
100984.1214: Resource Dir: 0xd000 LB 0x3e0
101984.1214: ProductName: Malwarebytes Web Access Control
102984.1214: ProductVersion: 1.0.6.0
103984.1214: FileVersion: 1.0.6.0
104984.1214: FileDescription: Malwarebytes Web Access Control
105984.1214: \SystemRoot\System32\drivers\mbamchameleon.sys:
106984.1214: CreationTime: 2016-08-29T10:06:09.614466400Z
107984.1214: LastWriteTime: 2016-03-10T07:08:56.000000000Z
108984.1214: ChangeTime: 2016-08-29T10:06:09.645666400Z
109984.1214: FileAttributes: 0x20
110984.1214: Size: 0x1ed80
111984.1214: NT Headers: 0xd0
112984.1214: Timestamp: 0x56a9574c
113984.1214: Machine: 0x14c - i386
114984.1214: Timestamp: 0x56a9574c
115984.1214: Image Version: 6.1
116984.1214: SizeOfImage: 0x22000 (139264)
117984.1214: Resource Dir: 0x1f000 LB 0xba8
118984.1214: ProductName: Malwarebytes Chameleon
119984.1214: ProductVersion: 1.1.22.0
120984.1214: FileVersion: 1.1.22.0
121984.1214: FileDescription: Malwarebytes Chameleon Protection Driver
122984.1214: \SystemRoot\System32\drivers\mbam.sys:
123984.1214: CreationTime: 2016-08-29T10:06:09.583266300Z
124984.1214: LastWriteTime: 2016-03-10T07:08:52.000000000Z
125984.1214: ChangeTime: 2016-08-29T10:06:09.583266300Z
126984.1214: FileAttributes: 0x20
127984.1214: Size: 0x5f80
128984.1214: NT Headers: 0xd8
129984.1214: Timestamp: 0x55ca3252
130984.1214: Machine: 0x14c - i386
131984.1214: Timestamp: 0x55ca3252
132984.1214: Image Version: 6.1
133984.1214: SizeOfImage: 0x9000 (36864)
134984.1214: Resource Dir: 0x7000 LB 0x3a0
135984.1214: ProductName: Malwarebytes Anti-Malware
136984.1214: ProductVersion: 0.1.16.0
137984.1214: FileVersion: 0.1.16.0
138984.1214: FileDescription: Malwarebytes Anti-Malware
139984.1214: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
140984.1214: Calling main()
141984.1214: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
142984.1214: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
143984.1214: SUPR3HardenedMain: Respawn #1
144984.1214: System32: \Device\HarddiskVolume2\Windows\System32
145984.1214: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
146984.1214: KnownDllPath: C:\Windows\system32
147984.1214: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
148984.1214: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
149984.1214: supR3HardNtEnableThreadCreation:
150984.1214: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918
151984.1214: supR3HardenedWinDoReSpawn(1): New child 1584.11ac [kernel32].
152984.1214: supR3HardNtChildGatherData: PebBaseAddress=7ffd7000 cbPeb=0x248
153984.1214: supR3HardNtPuChFindNtdll: uNtDllParentAddr=76ed0000 uNtDllChildAddr=76ed0000
154984.1214: supR3HardenedWinSetupChildInit: uLdrInitThunk=76f33649
155984.1214: supR3HardenedWinSetupChildInit: Start child.
156984.1214: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 262 ms.
157984.1214: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 0 sleeps
158984.1214: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
159984.1214: *00000000-fffeffff 0x0001/0x0000 0x0000000
160984.1214: *00010000-fffeffff 0x0004/0x0004 0x0020000
161984.1214: *00030000-0002bfff 0x0002/0x0002 0x0040000
162984.1214: 00034000-00027fff 0x0001/0x0000 0x0000000
163984.1214: *00040000-0003efff 0x0004/0x0004 0x0020000
164984.1214: 00041000-00031fff 0x0001/0x0000 0x0000000
165984.1214: *00050000-0004efff 0x0004/0x0004 0x0020000
166984.1214: 00051000-ffec1fff 0x0001/0x0000 0x0000000
167984.1214: *001e0000-000e2fff 0x0000/0x0004 0x0020000
168984.1214: 002dd000-002dbfff 0x0104/0x0004 0x0020000
169984.1214: 002de000-002dbfff 0x0004/0x0004 0x0020000
170984.1214: 002e0000-ff5bffff 0x0001/0x0000 0x0000000
171984.1214: *01000000-01000fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
172984.1214: 01001000-01065fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
173984.1214: 01066000-01066fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
174984.1214: 01067000-0109ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
175984.1214: 010a0000-010a0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
176984.1214: 010a1000-010a1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
177984.1214: 010a2000-010a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
178984.1214: 010a3000-010a3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
179984.1214: 010a4000-010a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
180984.1214: 010a9000-010abfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
181984.1214: 010ac000-010effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
182984.1214: 010f0000-8b30ffff 0x0001/0x0000 0x0000000
183984.1214: *76ed0000-76ed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
184984.1214: 76ed1000-76fa6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
185984.1214: 76fa7000-76facfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
186984.1214: 76fad000-76fadfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
187984.1214: 76fae000-76faffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
188984.1214: 76fb0000-7700bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
189984.1214: 7700c000-76f07fff 0x0001/0x0000 0x0000000
190984.1214: *77110000-77110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
191984.1214: 77111000-6e271fff 0x0001/0x0000 0x0000000
192984.1214: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
193984.1214: 7ffd3000-7ffcefff 0x0001/0x0000 0x0000000
194984.1214: *7ffd7000-7ffd5fff 0x0004/0x0004 0x0020000
195984.1214: 7ffd8000-7ffd0fff 0x0001/0x0000 0x0000000
196984.1214: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
197984.1214: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
198984.1214: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
199984.1214: apisetschema.dll: timestamp 0x4a5bd9b5 (rc=VINF_SUCCESS)
200984.1214: VirtualBox.exe: timestamp 0x57d6d9bf (rc=VINF_SUCCESS)
201984.1214: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
202984.1214: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
203984.1214: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
204984.1214: supR3HardNtChildPurify: Done after 595 ms and 0 fixes (loop #0).
2051584.11ac: Log file opened: 5.1.6r110634 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
2061584.11ac: supR3HardenedVmProcessInit: uNtDllAddr=76ed0000 g_uNtVerCombined=0x611db100
207984.1214: supR3HardNtEnableThreadCreation:
2081584.11ac: ntdll.dll: timestamp 0x521ea91c (rc=VINF_SUCCESS)
2091584.11ac: New simple heap: #1 002e0000 LB 0x400000 (for 1294336 allocation)
2101584.11ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2111584.11ac: System32: \Device\HarddiskVolume2\Windows\System32
2121584.11ac: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2131584.11ac: KnownDllPath: C:\Windows\system32
2141584.11ac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2151584.11ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2161584.11ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2171584.11ac: Registered Dll notification callback with NTDLL.
2181584.11ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2191584.11ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2201584.11ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
2211584.11ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2221584.11ac: supR3HardenedDllNotificationCallback: load 76b00000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2231584.11ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2241584.11ac: supR3HardenedDllNotificationCallback: load 75180000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2251584.11ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2261584.11ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2271584.11ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll'
228984.1214: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 95 ms.
2291584.11ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918
2301584.11ac: \SystemRoot\System32\ntdll.dll:
2311584.11ac: CreationTime: 2016-09-04T06:14:46.672774900Z
2321584.11ac: LastWriteTime: 2016-09-04T06:14:46.677775100Z
2331584.11ac: ChangeTime: 2016-09-04T11:18:16.453577700Z
2341584.11ac: FileAttributes: 0x20
2351584.11ac: Size: 0x13ab88
2361584.11ac: NT Headers: 0xd0
2371584.11ac: Timestamp: 0x521ea91c
2381584.11ac: Machine: 0x14c - i386
2391584.11ac: Timestamp: 0x521ea91c
2401584.11ac: Image Version: 6.1
2411584.11ac: SizeOfImage: 0x13c000 (1294336)
2421584.11ac: Resource Dir: 0xe0000 LB 0x560d8
2431584.11ac: ProductName: Microsoft® Windows® Operating System
2441584.11ac: ProductVersion: 6.1.7601.18247
2451584.11ac: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
2461584.11ac: FileDescription: NT Layer DLL
2471584.11ac: \SystemRoot\System32\kernel32.dll:
2481584.11ac: CreationTime: 2016-09-04T06:12:47.120793300Z
2491584.11ac: LastWriteTime: 2016-09-04T06:12:47.120793300Z
2501584.11ac: ChangeTime: 2016-09-04T11:18:14.581574500Z
2511584.11ac: FileAttributes: 0x20
2521584.11ac: Size: 0xd4000
2531584.11ac: NT Headers: 0xf0
2541584.11ac: Timestamp: 0x503275b9
2551584.11ac: Machine: 0x14c - i386
2561584.11ac: Timestamp: 0x503275b9
2571584.11ac: Image Version: 6.1
2581584.11ac: SizeOfImage: 0xd4000 (868352)
2591584.11ac: Resource Dir: 0xc7000 LB 0x528
2601584.11ac: ProductName: Microsoft® Windows® Operating System
2611584.11ac: ProductVersion: 6.1.7601.17932
2621584.11ac: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419)
2631584.11ac: FileDescription: Windows NT BASE API Client DLL
2641584.11ac: \SystemRoot\System32\KernelBase.dll:
2651584.11ac: CreationTime: 2016-09-04T06:12:47.120793300Z
2661584.11ac: LastWriteTime: 2016-09-04T06:12:47.120793300Z
2671584.11ac: ChangeTime: 2016-09-04T11:18:14.643974600Z
2681584.11ac: FileAttributes: 0x20
2691584.11ac: Size: 0x47a00
2701584.11ac: NT Headers: 0xe0
2711584.11ac: Timestamp: 0x503275ba
2721584.11ac: Machine: 0x14c - i386
2731584.11ac: Timestamp: 0x503275ba
2741584.11ac: Image Version: 6.1
2751584.11ac: SizeOfImage: 0x4b000 (307200)
2761584.11ac: Resource Dir: 0x47000 LB 0x530
2771584.11ac: ProductName: Microsoft® Windows® Operating System
2781584.11ac: ProductVersion: 6.1.7601.17932
2791584.11ac: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419)
2801584.11ac: FileDescription: Windows NT BASE API Client DLL
2811584.11ac: \SystemRoot\System32\apisetschema.dll:
2821584.11ac: CreationTime: 2009-07-13T23:10:57.463372600Z
2831584.11ac: LastWriteTime: 2009-07-14T01:03:49.551000000Z
2841584.11ac: ChangeTime: 2016-09-03T11:31:35.226366800Z
2851584.11ac: FileAttributes: 0x20
2861584.11ac: Size: 0x1a00
2871584.11ac: NT Headers: 0xc0
2881584.11ac: Timestamp: 0x4a5bd9b5
2891584.11ac: Machine: 0x14c - i386
2901584.11ac: Timestamp: 0x4a5bd9b5
2911584.11ac: Image Version: 6.1
2921584.11ac: SizeOfImage: 0x50000 (327680)
2931584.11ac: Resource Dir: 0x30000 LB 0x3f0
2941584.11ac: ProductName: Microsoft® Windows® Operating System
2951584.11ac: ProductVersion: 6.1.7600.16385
2961584.11ac: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
2971584.11ac: FileDescription: ApiSet Schema DLL
2981584.11ac: supR3HardenedWinFindAdversaries: 0x80
2991584.11ac: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
3001584.11ac: CreationTime: 2016-08-29T10:06:47.906149200Z
3011584.11ac: LastWriteTime: 2016-10-12T11:35:25.774634500Z
3021584.11ac: ChangeTime: 2016-10-12T11:35:25.774634500Z
3031584.11ac: FileAttributes: 0x20
3041584.11ac: Size: 0x298d8
3051584.11ac: NT Headers: 0xd0
3061584.11ac: Timestamp: 0x55b855c7
3071584.11ac: Machine: 0x14c - i386
3081584.11ac: Timestamp: 0x55b855c7
3091584.11ac: Image Version: 6.1
3101584.11ac: SizeOfImage: 0x2d000 (184320)
3111584.11ac: Resource Dir: 0x2a000 LB 0x3b8
3121584.11ac: ProductName: Malwarebytes Anti-Malware
3131584.11ac: ProductVersion: 0.3.0.0
3141584.11ac: FileVersion: 0.3.0.0
3151584.11ac: FileDescription: Malwarebytes Anti-Malware
3161584.11ac: \SystemRoot\System32\drivers\mwac.sys:
3171584.11ac: CreationTime: 2016-08-29T10:06:09.598866400Z
3181584.11ac: LastWriteTime: 2016-03-10T07:09:04.000000000Z
3191584.11ac: ChangeTime: 2016-08-29T10:06:09.614466400Z
3201584.11ac: FileAttributes: 0x20
3211584.11ac: Size: 0xcf80
3221584.11ac: NT Headers: 0xe0
3231584.11ac: Timestamp: 0x53a0f41c
3241584.11ac: Machine: 0x14c - i386
3251584.11ac: Timestamp: 0x53a0f41c
3261584.11ac: Image Version: 6.2
3271584.11ac: SizeOfImage: 0xf000 (61440)
3281584.11ac: Resource Dir: 0xd000 LB 0x3e0
3291584.11ac: ProductName: Malwarebytes Web Access Control
3301584.11ac: ProductVersion: 1.0.6.0
3311584.11ac: FileVersion: 1.0.6.0
3321584.11ac: FileDescription: Malwarebytes Web Access Control
3331584.11ac: \SystemRoot\System32\drivers\mbamchameleon.sys:
3341584.11ac: CreationTime: 2016-08-29T10:06:09.614466400Z
3351584.11ac: LastWriteTime: 2016-03-10T07:08:56.000000000Z
3361584.11ac: ChangeTime: 2016-08-29T10:06:09.645666400Z
3371584.11ac: FileAttributes: 0x20
3381584.11ac: Size: 0x1ed80
3391584.11ac: NT Headers: 0xd0
3401584.11ac: Timestamp: 0x56a9574c
3411584.11ac: Machine: 0x14c - i386
3421584.11ac: Timestamp: 0x56a9574c
3431584.11ac: Image Version: 6.1
3441584.11ac: SizeOfImage: 0x22000 (139264)
3451584.11ac: Resource Dir: 0x1f000 LB 0xba8
3461584.11ac: ProductName: Malwarebytes Chameleon
3471584.11ac: ProductVersion: 1.1.22.0
3481584.11ac: FileVersion: 1.1.22.0
3491584.11ac: FileDescription: Malwarebytes Chameleon Protection Driver
3501584.11ac: \SystemRoot\System32\drivers\mbam.sys:
3511584.11ac: CreationTime: 2016-08-29T10:06:09.583266300Z
3521584.11ac: LastWriteTime: 2016-03-10T07:08:52.000000000Z
3531584.11ac: ChangeTime: 2016-08-29T10:06:09.583266300Z
3541584.11ac: FileAttributes: 0x20
3551584.11ac: Size: 0x5f80
3561584.11ac: NT Headers: 0xd8
3571584.11ac: Timestamp: 0x55ca3252
3581584.11ac: Machine: 0x14c - i386
3591584.11ac: Timestamp: 0x55ca3252
3601584.11ac: Image Version: 6.1
3611584.11ac: SizeOfImage: 0x9000 (36864)
3621584.11ac: Resource Dir: 0x7000 LB 0x3a0
3631584.11ac: ProductName: Malwarebytes Anti-Malware
3641584.11ac: ProductVersion: 0.1.16.0
3651584.11ac: FileVersion: 0.1.16.0
3661584.11ac: FileDescription: Malwarebytes Anti-Malware
3671584.11ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3681584.11ac: Calling main()
3691584.11ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3701584.11ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3711584.11ac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3721584.11ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3731584.11ac: SUPR3HardenedMain: Respawn #2
3741584.11ac: supR3HardNtEnableThreadCreation:
3751584.11ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
3761584.11ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3771584.11ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
3781584.11ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3791584.11ac: supR3HardenedDllNotificationCallback: load 74d60000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3801584.11ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3811584.11ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74d60000 'C:\Windows\system32\apphelp.dll'
3821584.11ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918
3831584.11ac: supR3HardenedWinDoReSpawn(2): New child 1370.e60 [kernel32].
3841584.11ac: supR3HardNtChildGatherData: PebBaseAddress=7ffd4000 cbPeb=0x248
3851584.11ac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=76ed0000 uNtDllChildAddr=76ed0000
3861584.11ac: supR3HardenedWinSetupChildInit: uLdrInitThunk=76f33649
3871584.11ac: supR3HardenedWinSetupChildInit: Start child.
3881584.11ac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 315 ms.
3891584.11ac: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 0 sleeps
3901584.11ac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3911584.11ac: *00000000-fffeffff 0x0001/0x0000 0x0000000
3921584.11ac: *00010000-fffeffff 0x0004/0x0004 0x0020000
3931584.11ac: *00030000-0002bfff 0x0002/0x0002 0x0040000
3941584.11ac: 00034000-00027fff 0x0001/0x0000 0x0000000
3951584.11ac: *00040000-0003efff 0x0004/0x0004 0x0020000
3961584.11ac: 00041000-00031fff 0x0001/0x0000 0x0000000
3971584.11ac: *00050000-0004efff 0x0004/0x0004 0x0020000
3981584.11ac: 00051000-fff61fff 0x0001/0x0000 0x0000000
3991584.11ac: *00140000-00042fff 0x0000/0x0004 0x0020000
4001584.11ac: 0023d000-0023bfff 0x0104/0x0004 0x0020000
4011584.11ac: 0023e000-0023bfff 0x0004/0x0004 0x0020000
4021584.11ac: 00240000-ff47ffff 0x0001/0x0000 0x0000000
4031584.11ac: *01000000-01000fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4041584.11ac: 01001000-01065fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4051584.11ac: 01066000-01066fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4061584.11ac: 01067000-0109ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4071584.11ac: 010a0000-010a0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4081584.11ac: 010a1000-010a1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4091584.11ac: 010a2000-010a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4101584.11ac: 010a3000-010a3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4111584.11ac: 010a4000-010a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4121584.11ac: 010a9000-010abfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4131584.11ac: 010ac000-010effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4141584.11ac: 010f0000-8b30ffff 0x0001/0x0000 0x0000000
4151584.11ac: *76ed0000-76ed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4161584.11ac: 76ed1000-76fa6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4171584.11ac: 76fa7000-76facfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4181584.11ac: 76fad000-76fadfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4191584.11ac: 76fae000-76faffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4201584.11ac: 76fb0000-7700bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4211584.11ac: 7700c000-76f07fff 0x0001/0x0000 0x0000000
4221584.11ac: *77110000-77110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4231584.11ac: 77111000-6e271fff 0x0001/0x0000 0x0000000
4241584.11ac: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
4251584.11ac: 7ffd3000-7ffd1fff 0x0001/0x0000 0x0000000
4261584.11ac: *7ffd4000-7ffd2fff 0x0004/0x0004 0x0020000
4271584.11ac: 7ffd5000-7ffcafff 0x0001/0x0000 0x0000000
4281584.11ac: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
4291584.11ac: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
4301584.11ac: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
4311584.11ac: apisetschema.dll: timestamp 0x4a5bd9b5 (rc=VINF_SUCCESS)
4321584.11ac: VirtualBox.exe: timestamp 0x57d6d9bf (rc=VINF_SUCCESS)
4331584.11ac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4341584.11ac: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
4351584.11ac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4361584.11ac: supR3HardNtChildPurify: Done after 595 ms and 0 fixes (loop #0).
4371370.e60: Log file opened: 5.1.6r110634 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
4381370.e60: supR3HardenedVmProcessInit: uNtDllAddr=76ed0000 g_uNtVerCombined=0x611db100
4391370.e60: ntdll.dll: timestamp 0x521ea91c (rc=VINF_SUCCESS)
4401370.e60: New simple heap: #1 00340000 LB 0x400000 (for 1294336 allocation)
4411584.11ac: supR3HardenedEarlyCompact: Removed heap 1 (0x2e0000 LB 0x400000)
4421584.11ac: supR3HardNtEnableThreadCreation:
4431370.e60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4441370.e60: System32: \Device\HarddiskVolume2\Windows\System32
4451370.e60: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
4461370.e60: KnownDllPath: C:\Windows\system32
4471370.e60: supR3HardenedVmProcessInit: Opening vboxdrv...
4481370.e60: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4491370.e60: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4501370.e60: Registered Dll notification callback with NTDLL.
4511370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
4521370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
4531370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
4541370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4551370.e60: supR3HardenedDllNotificationCallback: load 76b00000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
4561370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4571370.e60: supR3HardenedDllNotificationCallback: load 75180000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
4581370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
4591370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
4601370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll'
4611370.e60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918
4621370.e60: \SystemRoot\System32\ntdll.dll:
4631370.e60: CreationTime: 2016-09-04T06:14:46.672774900Z
4641370.e60: LastWriteTime: 2016-09-04T06:14:46.677775100Z
4651370.e60: ChangeTime: 2016-09-04T11:18:16.453577700Z
4661370.e60: FileAttributes: 0x20
4671370.e60: Size: 0x13ab88
4681370.e60: NT Headers: 0xd0
4691370.e60: Timestamp: 0x521ea91c
4701370.e60: Machine: 0x14c - i386
4711370.e60: Timestamp: 0x521ea91c
4721370.e60: Image Version: 6.1
4731370.e60: SizeOfImage: 0x13c000 (1294336)
4741370.e60: Resource Dir: 0xe0000 LB 0x560d8
4751370.e60: ProductName: Microsoft® Windows® Operating System
4761370.e60: ProductVersion: 6.1.7601.18247
4771370.e60: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532)
4781370.e60: FileDescription: NT Layer DLL
4791370.e60: \SystemRoot\System32\kernel32.dll:
4801370.e60: CreationTime: 2016-09-04T06:12:47.120793300Z
4811370.e60: LastWriteTime: 2016-09-04T06:12:47.120793300Z
4821370.e60: ChangeTime: 2016-09-04T11:18:14.581574500Z
4831370.e60: FileAttributes: 0x20
4841370.e60: Size: 0xd4000
4851370.e60: NT Headers: 0xf0
4861370.e60: Timestamp: 0x503275b9
4871370.e60: Machine: 0x14c - i386
4881370.e60: Timestamp: 0x503275b9
4891370.e60: Image Version: 6.1
4901370.e60: SizeOfImage: 0xd4000 (868352)
4911370.e60: Resource Dir: 0xc7000 LB 0x528
4921370.e60: ProductName: Microsoft® Windows® Operating System
4931370.e60: ProductVersion: 6.1.7601.17932
4941370.e60: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419)
4951584.11ac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 100 ms.
4961370.e60: FileDescription: Windows NT BASE API Client DLL
4971370.e60: \SystemRoot\System32\KernelBase.dll:
4981370.e60: CreationTime: 2016-09-04T06:12:47.120793300Z
4991370.e60: LastWriteTime: 2016-09-04T06:12:47.120793300Z
5001370.e60: ChangeTime: 2016-09-04T11:18:14.643974600Z
5011370.e60: FileAttributes: 0x20
5021370.e60: Size: 0x47a00
5031370.e60: NT Headers: 0xe0
5041370.e60: Timestamp: 0x503275ba
5051370.e60: Machine: 0x14c - i386
5061370.e60: Timestamp: 0x503275ba
5071370.e60: Image Version: 6.1
5081370.e60: SizeOfImage: 0x4b000 (307200)
5091370.e60: Resource Dir: 0x47000 LB 0x530
5101370.e60: ProductName: Microsoft® Windows® Operating System
5111370.e60: ProductVersion: 6.1.7601.17932
5121370.e60: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419)
5131370.e60: FileDescription: Windows NT BASE API Client DLL
5141370.e60: \SystemRoot\System32\apisetschema.dll:
5151370.e60: CreationTime: 2009-07-13T23:10:57.463372600Z
5161370.e60: LastWriteTime: 2009-07-14T01:03:49.551000000Z
5171370.e60: ChangeTime: 2016-09-03T11:31:35.226366800Z
5181370.e60: FileAttributes: 0x20
5191370.e60: Size: 0x1a00
5201370.e60: NT Headers: 0xc0
5211370.e60: Timestamp: 0x4a5bd9b5
5221370.e60: Machine: 0x14c - i386
5231370.e60: Timestamp: 0x4a5bd9b5
5241370.e60: Image Version: 6.1
5251370.e60: SizeOfImage: 0x50000 (327680)
5261370.e60: Resource Dir: 0x30000 LB 0x3f0
5271370.e60: ProductName: Microsoft® Windows® Operating System
5281370.e60: ProductVersion: 6.1.7600.16385
5291370.e60: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
5301370.e60: FileDescription: ApiSet Schema DLL
5311370.e60: supR3HardenedWinFindAdversaries: 0x80
5321370.e60: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
5331370.e60: CreationTime: 2016-08-29T10:06:47.906149200Z
5341370.e60: LastWriteTime: 2016-10-12T11:35:25.774634500Z
5351370.e60: ChangeTime: 2016-10-12T11:35:25.774634500Z
5361370.e60: FileAttributes: 0x20
5371370.e60: Size: 0x298d8
5381370.e60: NT Headers: 0xd0
5391370.e60: Timestamp: 0x55b855c7
5401370.e60: Machine: 0x14c - i386
5411370.e60: Timestamp: 0x55b855c7
5421370.e60: Image Version: 6.1
5431370.e60: SizeOfImage: 0x2d000 (184320)
5441370.e60: Resource Dir: 0x2a000 LB 0x3b8
5451370.e60: ProductName: Malwarebytes Anti-Malware
5461370.e60: ProductVersion: 0.3.0.0
5471370.e60: FileVersion: 0.3.0.0
5481370.e60: FileDescription: Malwarebytes Anti-Malware
5491370.e60: \SystemRoot\System32\drivers\mwac.sys:
5501370.e60: CreationTime: 2016-08-29T10:06:09.598866400Z
5511370.e60: LastWriteTime: 2016-03-10T07:09:04.000000000Z
5521370.e60: ChangeTime: 2016-08-29T10:06:09.614466400Z
5531370.e60: FileAttributes: 0x20
5541370.e60: Size: 0xcf80
5551370.e60: NT Headers: 0xe0
5561370.e60: Timestamp: 0x53a0f41c
5571370.e60: Machine: 0x14c - i386
5581370.e60: Timestamp: 0x53a0f41c
5591370.e60: Image Version: 6.2
5601370.e60: SizeOfImage: 0xf000 (61440)
5611370.e60: Resource Dir: 0xd000 LB 0x3e0
5621370.e60: ProductName: Malwarebytes Web Access Control
5631370.e60: ProductVersion: 1.0.6.0
5641370.e60: FileVersion: 1.0.6.0
5651370.e60: FileDescription: Malwarebytes Web Access Control
5661370.e60: \SystemRoot\System32\drivers\mbamchameleon.sys:
5671370.e60: CreationTime: 2016-08-29T10:06:09.614466400Z
5681370.e60: LastWriteTime: 2016-03-10T07:08:56.000000000Z
5691370.e60: ChangeTime: 2016-08-29T10:06:09.645666400Z
5701370.e60: FileAttributes: 0x20
5711370.e60: Size: 0x1ed80
5721370.e60: NT Headers: 0xd0
5731370.e60: Timestamp: 0x56a9574c
5741370.e60: Machine: 0x14c - i386
5751370.e60: Timestamp: 0x56a9574c
5761370.e60: Image Version: 6.1
5771370.e60: SizeOfImage: 0x22000 (139264)
5781370.e60: Resource Dir: 0x1f000 LB 0xba8
5791370.e60: ProductName: Malwarebytes Chameleon
5801370.e60: ProductVersion: 1.1.22.0
5811370.e60: FileVersion: 1.1.22.0
5821370.e60: FileDescription: Malwarebytes Chameleon Protection Driver
5831370.e60: \SystemRoot\System32\drivers\mbam.sys:
5841370.e60: CreationTime: 2016-08-29T10:06:09.583266300Z
5851370.e60: LastWriteTime: 2016-03-10T07:08:52.000000000Z
5861370.e60: ChangeTime: 2016-08-29T10:06:09.583266300Z
5871370.e60: FileAttributes: 0x20
5881370.e60: Size: 0x5f80
5891370.e60: NT Headers: 0xd8
5901370.e60: Timestamp: 0x55ca3252
5911370.e60: Machine: 0x14c - i386
5921370.e60: Timestamp: 0x55ca3252
5931370.e60: Image Version: 6.1
5941370.e60: SizeOfImage: 0x9000 (36864)
5951370.e60: Resource Dir: 0x7000 LB 0x3a0
5961370.e60: ProductName: Malwarebytes Anti-Malware
5971370.e60: ProductVersion: 0.1.16.0
5981370.e60: FileVersion: 0.1.16.0
5991370.e60: FileDescription: Malwarebytes Anti-Malware
6001370.e60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6011370.e60: Calling main()
6021370.e60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
6031370.e60: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6041370.e60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6051370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
6061370.e60: SUPR3HardenedMain: Final process, opening VBoxDrv...
6071370.e60: supR3HardenedEarlyCompact: Removed heap 1 (0x340000 LB 0x400000)
6081370.e60: supR3HardNtEnableThreadCreation:
6091370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
6101370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
6111370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2a4c:C:\Windows\system32 [calling]
6121370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6131370.e60: supR3HardenedDllNotificationCallback: load 69320000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6141370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6151370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6161370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
6171370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69320000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6181370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6191370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
6201370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69320000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6211370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69320000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6221370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6231370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
6241370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6251370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6261370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
6271370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6281370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6291370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6301370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
6311370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6321370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6331370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6341370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
6351370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
6361370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6371370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6381370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6391370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6401370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
6411370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6421370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6431370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6441370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
6451370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
6461370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6471370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6481370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6491370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6511370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6521370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2a4c:C:\Windows\system32 [calling]
6531370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6541370.e60: supR3HardenedDllNotificationCallback: load 75000000 LB 0x0002d000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
6551370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6561370.e60: supR3HardenedDllNotificationCallback: load 75a00000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
6571370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6581370.e60: supR3HardenedDllNotificationCallback: load 75060000 LB 0x0011d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
6591370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6601370.e60: supR3HardenedDllNotificationCallback: load 74ed0000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
6611370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6621370.e60: supR3HardenedDllNotificationCallback: load 76860000 LB 0x000a1000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
6631370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6641370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\Wintrust.dll'
6651370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
6661370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
6671370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2a4c:C:\Windows\system32 [calling]
6681370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6691370.e60: supR3HardenedDllNotificationCallback: load 749f0000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
6701370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6711370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=749f0000 'C:\Windows\system32\bcrypt.dll'
6721370.e60: bcrypt.dll loaded at 749f0000, BCryptOpenAlgorithmProvider at 749f2cda, preloading providers:
6731370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6741370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
6751370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
6761370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
6771370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6781370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6791370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6801370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6811370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6821370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6831370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6841370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6851370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6861370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6871370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6881370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6901370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6911370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6921370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
6931370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6941370.e60: supR3HardenedDllNotificationCallback: load 74610000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
6951370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6961370.e60: supR3HardenedDllNotificationCallback: load 751e0000 LB 0x000a0000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
6971370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6981370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
6991370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
7001370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
7011370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
7021370.e60: supR3HardenedDllNotificationCallback: load 75280000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
7031370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7041370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74610000 'C:\Windows\system32\bcryptprimitives.dll'
7051370.e60: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=008c0678)
7061370.e60: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=008c0bc8)
7071370.e60: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=008c0c68)
7081370.e60: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=008c05d0)
7091370.e60: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=008c1b80)
7101370.e60: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=008c1c20)
7111370.e60: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=008c1cc0)
7121370.e60: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=008c1d60)
7131370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
7141370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
7151370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7161370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7171370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7181370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7191370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7201370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7211370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7221370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7231370.e60: supR3HardenedDllNotificationCallback: load 748e0000 LB 0x00016000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
7241370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7251370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748e0000 'C:\Windows\system32\CRYPTSP.dll'
7261370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7271370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
7281370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7291370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7301370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7311370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7321370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7331370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7341370.e60: supR3HardenedDllNotificationCallback: load 74650000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
7351370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7361370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74650000 'C:\Windows\system32\rsaenh.dll'
7371370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7381370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7391370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll'
7401370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
7411370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
7421370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7431370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7441370.e60: supR3HardenedDllNotificationCallback: load 74db0000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
7451370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7461370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74db0000 'C:\Windows\system32\CRYPTBASE.dll'
7471370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7481370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7491370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll'
7501370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7511370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7521370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\WINTRUST.DLL'
7531370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7541370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7551370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\CRYPT32.dll'
7561370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7571370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
7581370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
7591370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7601370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7611370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7621370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7631370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7641370.e60: supR3HardenedDllNotificationCallback: load 76760000 LB 0x0002a000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
7651370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7661370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76760000 'C:\Windows\system32\imagehlp.dll'
7671370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7681370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
7691370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748e0000 'C:\Windows\system32\CRYPTSP.dll'
7701370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
7711370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
7721370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
7731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7741370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7751370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
7761370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
7771370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
7781370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
7791370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
7801370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
7811370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
7821370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
7831370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
7841370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
7851370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
7861370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7871370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7881370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
7901370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7911370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7921370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7931370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7941370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
7951370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
7961370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7971370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7981370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8001370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8011370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8031370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8041370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8051370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8061370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8071370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8081370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8091370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8101370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8111370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
8121370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8131370.e60: supR3HardenedDllNotificationCallback: load 76790000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0]
8141370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8151370.e60: supR3HardenedDllNotificationCallback: load 77020000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
8161370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8171370.e60: supR3HardenedDllNotificationCallback: load 755f0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0]
8181370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
8191370.e60: supR3HardenedDllNotificationCallback: load 75550000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0]
8201370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
8211370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8221370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
8231370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77020000 'C:\Windows\system32\gdi32.dll'
8241370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
8251370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
8261370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
8271370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
8281370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
8291370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
8301370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
8311370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8321370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
8331370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
8341370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
8351370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
8361370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
8371370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8381370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8391370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8401370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8411370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8421370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8431370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
8441370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
8451370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8461370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8471370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8481370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8491370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8511370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8521370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8531370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8541370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8551370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
8561370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8571370.e60: supR3HardenedDllNotificationCallback: load 75af0000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
8581370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8591370.e60: supR3HardenedDllNotificationCallback: load 753c0000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
8601370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
8611370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75af0000 'C:\Windows\system32\IMM32.DLL'
8621370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76790000 'C:\Windows\system32\USER32.dll'
8631370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
8641370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8651370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
8661370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
8671370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
8681370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8701370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8711370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8731370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8741370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8751370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8761370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8771370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
8781370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8791370.e60: supR3HardenedDllNotificationCallback: load 74a10000 LB 0x00038000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
8801370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8811370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a10000 'C:\Windows\system32\ncrypt.dll'
8821370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8831370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
8841370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=749f0000 'C:\Windows\system32\bcrypt.dll'
8851370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8861370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
8871370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'.
8881370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
8891370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
8901370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8911370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8921370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8931370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
8941370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
8951370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8961370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8971370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8981370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9001370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9011370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9031370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9041370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9051370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9061370.e60: supR3HardenedDllNotificationCallback: load 74fd0000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
9071370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9081370.e60: supR3HardenedDllNotificationCallback: load 74ec0000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0]
9091370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9101370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74fd0000 'C:\Windows\system32\USERENV.dll'
9111370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9121370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9131370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9141370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9151370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9161370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
9171370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9181370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9191370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9201370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9211370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9221370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9231370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9241370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9251370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9261370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9271370.e60: supR3HardenedDllNotificationCallback: load 744b0000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
9281370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9291370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=744b0000 'C:\Windows\system32\GPAPI.dll'
9301370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9311370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9321370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9331370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9341370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76860000 'C:\Windows\system32\rpcrt4.dll'
9351370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9361370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-Management-L2-1-0.dll'
9371370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9381370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9391370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9401370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
9411370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wldap32.dll'.
9421370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9431370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9441370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
9451370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
9461370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9471370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
9481370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9491370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9511370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9521370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9531370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9541370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9551370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9561370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9571370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9581370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9591370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9601370.e60: supR3HardenedDllNotificationCallback: load 718e0000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
9611370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9621370.e60: supR3HardenedDllNotificationCallback: load 75770000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
9631370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
9641370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9651370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9661370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9671370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9681370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9691370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9701370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9711370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9721370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9731370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9741370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9751370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9761370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9771370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9781370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9791370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9801370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
9811370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9821370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9831370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9841370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9851370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9861370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9871370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9881370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9891370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9901370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9911370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9921370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
9931370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9941370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9951370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9961370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
9971370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
9981370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10001370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10011370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10031370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10041370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10051370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10061370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10071370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
10081370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10091370.e60: supR3HardenedDllNotificationCallback: load 75490000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
10101370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10111370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75490000 'C:\Windows\system32\SHLWAPI.dll'
10121370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
10131370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10141370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
10151370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
10161370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ec0000 'C:\Windows\system32\profapi.dll'
10171370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
10181370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
10191370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
10201370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
10211370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
10221370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
10231370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
10241370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
10251370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
10261370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
10271370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
10281370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10291370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'.
10301370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
10311370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
10321370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10331370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10341370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10351370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10361370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
10371370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
10381370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
10391370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
10401370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
10411370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10421370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10431370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10441370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10451370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10461370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10471370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10481370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10491370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10511370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10521370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10531370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10541370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10551370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10561370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
10571370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
10581370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
10591370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
10601370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10611370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10621370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10631370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10641370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10651370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10661370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10671370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10681370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10701370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10711370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10741370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10751370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10761370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10771370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10781370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10791370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10801370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10811370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
10821370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
10831370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10841370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10851370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
10861370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
10871370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
10881370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
10891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10901370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10911370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
10921370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10931370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10941370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10951370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10961370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10971370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10981370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11001370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11011370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11031370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11041370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11051370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11061370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11071370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11081370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
11091370.e60: supR3HardenedDllNotificationCallback: load 76d30000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
11101370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
11111370.e60: supR3HardenedDllNotificationCallback: load 74ee0000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
11121370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
11131370.e60: supR3HardenedDllNotificationCallback: load 75330000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
11141370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
11151370.e60: supR3HardenedDllNotificationCallback: load 75600000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
11161370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
11171370.e60: supR3HardenedDllNotificationCallback: load 75040000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
11181370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
11191370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11201370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
11211370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76d30000 'C:\Windows\system32\setupapi.dll'
11221370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11231370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
11241370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
11251370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11261370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11271370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11281370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11291370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
11301370.e60: supR3HardenedDllNotificationCallback: load 718c0000 LB 0x00015000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
11311370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
11321370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718c0000 'C:\Windows\system32\Cabinet.dll'
11331370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11341370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
11351370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
11361370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11371370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11381370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11391370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11401370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
11411370.e60: supR3HardenedDllNotificationCallback: load 746a0000 LB 0x0000e000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
11421370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
11431370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=746a0000 'C:\Windows\system32\DEVRTL.dll'
11441370.e60: supR3HardenedDllNotificationCallback: Unload 76d30000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0]
11451370.e60: supR3HardenedDllNotificationCallback: Unload 75040000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
11461370.e60: supR3HardenedDllNotificationCallback: Unload 75330000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
11471370.e60: supR3HardenedDllNotificationCallback: Unload 75600000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
11481370.e60: supR3HardenedDllNotificationCallback: Unload 74ee0000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
11491370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11501370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll'
11511370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll
11521370.e60: supR3HardNtViCallWinVerifyTrustCatFile: New context 008bc1f0
11531370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
11541370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50929F41C33F16E8BA869CF91E6D0F8A98EBFD16
11551370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11561370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11571370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11581370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-Management-L1-1-0.dll'
11591370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11601370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
11611370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11621370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11631370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll'
11641370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11651370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
11661370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
11671370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
11681370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2882822~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
11691370.e60: g_pfnWinVerifyTrust=75002674
11701370.e60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
11711370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
11721370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
11731370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
11741370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A7A2A8BA225636E41D4A990A4D527D2BC1993AB7
11751370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
11761370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11771370.e60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
11781370.e60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
11791370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
11801370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
11811370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
11821370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAFC6FF018C72268F70F327089713FA62B6A6CAC
11831370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
11841370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11851370.e60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
11861370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003dc pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
11871370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
11881370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
11891370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584
11901370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
11911370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11921370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
11931370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d0 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
11941370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
11951370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
11961370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86A3214FF22CE214819131AA9D9FD5145ACECD0C
11971370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
11981370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11991370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
12001370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000398 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
12011370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12021370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12031370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07C15DE99041924EC7DED2E27632443249973ECA
12041370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
12051370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12061370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
12071370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
12081370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12091370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12101370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1
12111370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
12121370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12131370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
12141370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000390 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12151370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12161370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12171370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=670D97F5DC29234BF188E6E1EBC8A3A9D4EDA114
12181370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
12191370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12201370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
12211370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000038c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
12221370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12231370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12241370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A
12251370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
12261370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12271370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
12281370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000388 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
12291370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12301370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12311370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41
12321370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
12331370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12341370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
12351370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000037c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
12361370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12371370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12381370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A
12391370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
12401370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12411370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
12421370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000370 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
12431370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12441370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12451370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7
12461370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
12471370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12481370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
12491370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000036c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
12501370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12511370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12521370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C52865414241F58CAC9EEBC4EC3F3B16CC08EAEE
12531370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
12541370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12551370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
12561370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
12571370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12581370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12591370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B
12601370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
12611370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12621370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
12631370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
12641370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12651370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12661370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9A4C90615FC5B5674208A5401C018FEA2A04A4B
12671370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
12681370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12691370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
12701370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
12711370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12721370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12731370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276
12741370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
12751370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12761370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
12771370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
12781370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12791370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12801370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CE0ECE66FA0266873DB2E9FEEF903A73BDC5376
12811370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
12821370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12831370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
12841370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
12851370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12861370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12871370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64F08BBBD276BF0D30DC1EB035E557AB0D981A25
12881370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
12891370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12901370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
12911370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
12921370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
12931370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
12941370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C
12951370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
12961370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12971370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
12981370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
12991370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13001370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13011370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2FDEE6777EE1392CEB3E98C6B38CE7EA30C9F31
13021370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
13031370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13041370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
13051370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
13061370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13071370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13081370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AB0DC60D51A0053E75090F639D8517BE8BC74AD
13091370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
13101370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13111370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
13121370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
13131370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13141370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13151370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41DED5EF02BD22C4EC0CA99DF7F18E78EE9F1CB1
13161370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
13171370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13181370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
13191370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
13201370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13211370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13221370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46D722AD9F66278A8EBC0D192855961CE6A21050
13231370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
13241370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13251370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
13261370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
13271370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13281370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13291370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E987531CA5DDB46DA0288B32D60D692350E2A63
13301370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
13311370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13321370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
13331370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
13341370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13351370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13361370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0CBD7D0C7F18B4CDC624EAFFFE29E8644EB2D5
13371370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
13381370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13391370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
13401370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
13411370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
13421370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13431370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13441370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCDD93573F63B6F37F01E3BC42D7CB8A7C6AD119
13451370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
13461370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13471370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
13481370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
13491370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13501370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13511370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78E9ABD813B4175EBA8EBD16ACB465E0E2FBF7F8
13521370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
13531370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13541370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
13551370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
13561370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13571370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13581370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0126923AE273E77D7677F69E1B331A63871D998A
13591370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2882822~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
13601370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13611370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
13621370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
13631370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
13641370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13651370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13661370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071
13671370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13681370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13691370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
13701370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13711370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13721370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13731370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F316018CBA12E77998A5FA21A14EB469FA6A1904
13741370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
13751370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13761370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
13771370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
13781370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13791370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13801370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285
13811370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
13821370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13831370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
13841370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13851370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13861370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13871370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D25D5DCD0ECE76AD56254FBC21654977069634D
13881370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
13891370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13901370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
13911370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
13921370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
13931370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
13941370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
13951370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8A16C6D142809F326F4D54E56BF3C184D273000
13961370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB2731771~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
13971370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13981370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
13991370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
14001370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
14011370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
14021370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3FC7F66FFD5575D4BA6A43EF031388F26ADAD23
14031370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB2731771~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14041370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14051370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
14061370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
14071370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008eaebc:C:\Windows\system32 [calling]
14081370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\crypt32.dll'
14091370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14101370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14111370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14121370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14131370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
14141370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14151370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14161370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14171370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
14181370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14191370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14201370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
14211370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14221370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14231370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14241370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
14251370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
14261370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14271370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
14281370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
14291370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14301370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
14311370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
14321370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14331370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14341370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
14351370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
14361370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
14371370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
14381370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14391370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14401370.e60: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=31
14411370.e60: SUPR3HardenedMain: Load Runtime...
14421370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14431370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14441370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
14451370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
14461370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
14471370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
14481370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14491370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14511370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14521370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14531370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
14541370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
14551370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364
14561370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
14571370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14581370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14591370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
14601370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'.
14611370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
14621370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14631370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14641370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14651370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14661370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
14671370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14681370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14701370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
14711370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14741370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14751370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
14761370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
14771370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003f0 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
14781370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
14791370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
14801370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2
14811370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
14821370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14831370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
14841370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
14851370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14861370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14871370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14881370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14891370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cd014:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
14901370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
14911370.e60: supR3HardenedDllNotificationCallback: load 614c0000 LB 0x0042b000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
14921370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
14931370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14941370.e60: supR3HardenedDllNotificationCallback: load 67760000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
14951370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14961370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14971370.e60: supR3HardenedDllNotificationCallback: load 68450000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
14981370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14991370.e60: supR3HardenedDllNotificationCallback: load 75ab0000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
15001370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15011370.e60: supR3HardenedDllNotificationCallback: load 752a0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0]
15021370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
15031370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15041370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15051370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15061370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15071370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15081370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15091370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15101370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15111370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15121370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15131370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15141370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15151370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15161370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15171370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15181370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15191370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15201370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15211370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15221370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15231370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15241370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15251370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15261370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15271370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15281370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15291370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15301370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15311370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15321370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15331370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15341370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15351370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15361370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15371370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15381370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15391370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15401370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15411370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15421370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15431370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15441370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15451370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15461370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15471370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling]
15481370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15491370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15501370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15511370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15521370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
15531370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008eaebc:C:\Windows\system32 [calling]
15541370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\Wintrust.dll'
15551370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
15561370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008eaebc:C:\Windows\system32 [calling]
15571370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\crypt32.dll'
15581370.e60: SUPR3HardenedMain: Load TrustedMain...
15591370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
15601370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
15611370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
15621370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
15631370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
15641370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
15651370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
15661370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
15671370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5printsupportvbox.dll'.
15681370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5openglvbox.dll'.
15691370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'.
15701370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'advapi32.dll'.
15711370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'shell32.dll'.
15721370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'.
15731370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
15741370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
15751370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
15761370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
15771370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
15781370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
15791370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000430 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
15801370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
15811370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
15821370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD
15831370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
15841370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15851370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15861370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15871370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
15881370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
15891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
15901370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
15911370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
15921370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15931370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15941370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15951370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15961370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15971370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000410 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
15981370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
15991370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
16001370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BEFE2D8EC7EF34FCC6A62BE11D1AAE6597F4884
16011370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
16021370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16031370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16041370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
16051370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
16061370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
16071370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
16081370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
16091370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16101370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16111370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
16121370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16131370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16141370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
16151370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
16161370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
16171370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
16181370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16191370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
16201370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
16211370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16221370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
16231370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
16241370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16251370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16261370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
16271370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
16281370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
16291370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
16301370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
16311370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
16321370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
16331370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
16341370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16351370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16361370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
16371370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16381370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
16391370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
16401370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
16411370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
16421370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
16431370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16441370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16451370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16461370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16471370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16481370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
16491370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
16501370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
16511370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
16521370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
16531370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16541370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16551370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16561370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
16571370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
16581370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
16591370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
16601370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
16611370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
16621370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
16631370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
16641370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
16651370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16661370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16671370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16681370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16701370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16711370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
16731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
16741370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16751370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
16761370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
16771370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
16781370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
16791370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
16801370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
16811370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16821370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16831370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000043c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
16841370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
16851370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
16861370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F
16871370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
16881370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16891370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16901370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
16911370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16921370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
16931370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
16941370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
16951370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
16961370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16971370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16981370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
17001370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
17011370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000454 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
17021370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
17031370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
17041370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33
17051370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
17061370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17071370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17081370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17091370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
17101370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
17111370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
17121370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
17131370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
17141370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17151370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
17161370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
17171370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000450 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
17181370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
17191370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
17201370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0
17211370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
17221370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17231370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17241370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17251370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17261370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
17271370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
17281370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17291370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17301370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17311370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17321370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17331370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17341370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17351370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17361370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17371370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
17381370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
17391370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
17401370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
17411370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
17421370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
17431370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
17441370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17451370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17461370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17471370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17481370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17491370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17511370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17521370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17531370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
17541370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
17551370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000470 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
17561370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
17571370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
17581370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59D688F30A17609F526F66E4182B6C29A30402D4
17591370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
17601370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17611370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
17621370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
17631370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
17641370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
17651370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
17661370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17671370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17681370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17701370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17711370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17741370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17751370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17761370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17771370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17781370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17791370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17801370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17811370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17821370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
17831370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17841370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17851370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17861370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17871370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17881370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17901370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17911370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17921370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17931370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17941370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17951370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
17961370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17971370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17981370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18001370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18011370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18031370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18041370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18051370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18061370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18071370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
18081370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18091370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18101370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18111370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18121370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
18131370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
18141370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000440 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18151370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
18161370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
18171370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614
18181370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
18191370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18201370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18211370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
18221370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18231370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18241370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
18251370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18261370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
18271370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18281370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
18291370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
18301370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000474 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
18311370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
18321370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
18331370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222
18341370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
18351370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18361370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18371370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18381370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
18391370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
18401370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
18411370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18421370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18431370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18441370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18451370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18461370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18471370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18481370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18491370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18501370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18511370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18521370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18531370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18541370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18551370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18561370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18571370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18581370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18591370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18601370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18611370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18621370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
18631370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
18641370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18651370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18661370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18671370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18681370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
18701370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
18711370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
18721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18741370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18751370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18761370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18771370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18781370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18791370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18801370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18811370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18821370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18831370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18841370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18851370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18861370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18871370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18881370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
18891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
18901370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000046c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
18911370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
18921370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
18931370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E96A920E91CC2AD46A67747FA2057790B4771F6B
18941370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
18951370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18961370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18971370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18981370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18991370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
19001370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
19011370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19031370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19041370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19051370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19061370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
19071370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
19081370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19091370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19101370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
19111370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
19121370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
19131370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19141370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19151370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19161370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19171370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19181370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19191370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19201370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19211370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19221370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19231370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19241370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
19251370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
19261370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19271370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
19281370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
19291370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2DD0519DFAD1ED741C9324879C92EC15A9FFB8D0
19301370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
19311370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19321370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19331370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19341370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19351370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
19361370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19371370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
19381370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
19391370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
19401370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19411370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19421370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
19431370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
19441370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000434 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
19451370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
19461370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
19471370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1CABD2640C1BC20B2A2C36EAF39DEED33F0F7235
19481370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
19491370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19501370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19511370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19521370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19531370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
19541370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
19551370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19561370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19571370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19581370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19591370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19601370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19611370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19621370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19631370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19641370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19651370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19661370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19671370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19681370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19691370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19701370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19711370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
19721370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19731370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19741370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19751370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19761370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19771370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19781370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19791370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
19801370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
19811370.e60: supR3HardenedDllNotificationCallback: load 60ca0000 LB 0x00811000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
19821370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
19831370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19841370.e60: supR3HardenedDllNotificationCallback: load 6dfe0000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
19851370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19861370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
19871370.e60: supR3HardenedDllNotificationCallback: load 6dfb0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
19881370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
19891370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
19901370.e60: supR3HardenedDllNotificationCallback: load 6dec0000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
19911370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
19921370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
19931370.e60: supR3HardenedDllNotificationCallback: load 6deb0000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
19941370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
19951370.e60: supR3HardenedDllNotificationCallback: load 76d30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
19961370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
19971370.e60: supR3HardenedDllNotificationCallback: load 74ee0000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
19981370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
19991370.e60: supR3HardenedDllNotificationCallback: load 75330000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
20001370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20011370.e60: supR3HardenedDllNotificationCallback: load 75600000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
20021370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20031370.e60: supR3HardenedDllNotificationCallback: load 75040000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
20041370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
20051370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20061370.e60: supR3HardenedDllNotificationCallback: load 73920000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
20071370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20081370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20091370.e60: supR3HardenedDllNotificationCallback: load 66260000 LB 0x00243000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0]
20101370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
20111370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
20121370.e60: supR3HardenedDllNotificationCallback: load 69310000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
20131370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
20141370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20151370.e60: supR3HardenedDllNotificationCallback: load 603a0000 LB 0x00475000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
20161370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20171370.e60: supR3HardenedDllNotificationCallback: load 75b10000 LB 0x00c4a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
20181370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20191370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
20201370.e60: supR3HardenedDllNotificationCallback: load 6fdf0000 LB 0x00012000 C:\Windows\system32\MPR.dll [fFlags=0x0]
20211370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
20221370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20231370.e60: supR3HardenedDllNotificationCallback: load 5fa40000 LB 0x004ae000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
20241370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20251370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20261370.e60: supR3HardenedDllNotificationCallback: load 5ff50000 LB 0x0044d000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
20271370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20281370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
20291370.e60: supR3HardenedDllNotificationCallback: load 686c0000 LB 0x00044000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
20301370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
20311370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
20321370.e60: supR3HardenedDllNotificationCallback: load 73340000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
20331370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
20341370.e60: supR3HardenedDllNotificationCallback: load 752b0000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
20351370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
20361370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20371370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20381370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20391370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll)
20401370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
20411370.e60: supR3HardenedDllNotificationCallback: load 6eb00000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll [fFlags=0x0]
20421370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll [avoiding WinVerifyTrust]
20431370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20441370.e60: supR3HardenedDllNotificationCallback: load 683a0000 LB 0x00046000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
20451370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20461370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20471370.e60: supR3HardenedDllNotificationCallback: load 73100000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
20481370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
20491370.e60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll'.
20501370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll' [rescheduled]
20511370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
20521370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20531370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20541370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20551370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20561370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20571370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20581370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cd1ac:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20591370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75af0000 'C:\Windows\system32\imm32.dll'
20601370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.DLL'
20611370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
20621370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
20631370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74db0000 'C:\Windows\system32\cryptbase.dll'
20641370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=60ca0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
20651370.e60: SUPR3HardenedMain: Calling TrustedMain (60ca1560)...
20661370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20671370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20681370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75600000 'C:\Windows\system32\ole32.dll'
20691370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll'
20701370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20711370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
20721370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
20731370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
20741370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
20751370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
20761370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
20771370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
20781370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
20791370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
20801370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
20811370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
20821370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
20831370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
20841370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
20851370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20861370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20871370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20881370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20891370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20901370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20911370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20921370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20931370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20941370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20951370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20961370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20971370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20981370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21001370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21011370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21021370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21031370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21041370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21051370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21061370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
21071370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
21081370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21091370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
21101370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
21111370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
21121370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21131370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21141370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21151370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21161370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21171370.e60: supR3HardenedDllNotificationCallback: load 671f0000 LB 0x000ee000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
21181370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
21191370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=671f0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
21201370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21211370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
21221370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
21231370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD
21241370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
21251370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21261370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21271370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
21281370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
21291370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
21301370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21311370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21321370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21331370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21341370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21351370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21361370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21371370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21381370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21391370.e60: supR3HardenedDllNotificationCallback: load 73d60000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
21401370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21411370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll'
21421370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21431370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21441370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll'
21451370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21461370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21471370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll'
21481370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21491370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21501370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll'
21511370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
21521370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21531370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74db0000 'C:\Windows\system32\CRYPTBASE.dll'
21541370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76790000 'C:\Windows\system32\user32.dll'
21551370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21561370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21571370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
21581370.e60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
21591370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21601370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
21611370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
21621370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21631370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73920000 'C:\Windows\system32\dwmapi.dll'
21641370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21651370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21661370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
21671370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
21681370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21691370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll'
21701370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21711370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21721370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
21731370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21741370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21751370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll'
21761370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\advapi32.dll'
21771370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
21781370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21791370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74fd0000 'C:\Windows\system32\userenv.dll'
21801370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
21811370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
21821370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll'
21831370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000540 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
21841370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
21851370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
21861370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E
21871370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
21881370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21891370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21901370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
21911370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21921370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21931370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21941370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
21951370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
21961370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
21971370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21981370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21991370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22001370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22011370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22021370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22031370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22041370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22051370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22061370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22071370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22081370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22091370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22101370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22111370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22121370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
22131370.e60: supR3HardenedDllNotificationCallback: load 77070000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
22141370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
22151370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77070000 'C:\Windows\system32\CLBCatQ.DLL'
22161370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll'
22171370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
22181370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cd124:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22191370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748e0000 'C:\Windows\system32\CRYPTSP.dll'
22201370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000055c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22211370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
22221370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
22231370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA
22241370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
22251370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22261370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
22271370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
22281370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22291370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22301370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22311370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cce7c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
22321370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22331370.e60: supR3HardenedDllNotificationCallback: load 74e50000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
22341370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
22351370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74e50000 'C:\Windows\system32\RpcRtRemote.dll'
22361370.e60: \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll: Owner is administrators group.
22371370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000590 pwszName=\Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22381370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0
22391370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
22401370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5CDF4FDAA815EDACE2632509BAD2A4F705CCFB9
22411370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
22421370.e60: supR3HardNtViCallWinVerifyTrustCatFile: New context 008bc1f0
22431370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0
22441370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5CDF4FDAA815EDACE2632509BAD2A4F705CCFB9
22451370.e60: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
22461370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
22471370.e60: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll) WinVerifyTrust
22481370.e60: Error (rc=0):
22491370.e60: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll: Not signed.
22501370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22511370.e60: Error (rc=0):
22521370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
22531370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
22541370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22551370.e60: Error (rc=0):
22561370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22571370.e60: Error (rc=0):
22581370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
22591370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
22601370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22611370.e60: Error (rc=0):
22621370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22631370.e60: Error (rc=0):
22641370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
22651370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
22661370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22671370.e60: Error (rc=0):
22681370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
22691370.e60: Error (rc=0):
22701370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
22711370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
22721370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22731370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
22741370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
22751370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
22761370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
22771370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22781370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
22791370.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
22801370.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
22811370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22821370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22831370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22841370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22851370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22861370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22871370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22881370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22891370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
22901370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22911370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22921370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22931370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22941370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22951370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22961370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22971370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22981370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22991370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23001370.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ef12c:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23011370.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
23021370.15fc: supR3HardenedDllNotificationCallback: load 5f5f0000 LB 0x0044d000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
23031370.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
23041370.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=5f5f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
23051370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23061370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23071370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23081370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
23091370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23101370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23111370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23121370.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
23131370.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23141370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23151370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23161370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23171370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23181370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23191370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23201370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23211370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23221370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23231370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
23241370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23251370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23261370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23271370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23281370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23291370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23301370.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ef12c:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23311370.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23321370.15fc: supR3HardenedDllNotificationCallback: load 676f0000 LB 0x0006e000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
23331370.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23341370.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=676f0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
23351370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77020000 'C:\Windows\system32\gdi32.dll'
23361370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
23371370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
23381370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
23391370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
23401370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
23411370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
23421370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll'
23431370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75600000 'C:\Windows\system32\ole32.dll'
23441370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75600000 'C:\Windows\system32\ole32.dll'
23451370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
23461370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23471370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=753c0000 'C:\Windows\system32\MSCTF.dll'
23481370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23491370.e60: Error (rc=0):
23501370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23511370.e60: Error (rc=0):
23521370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23531370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23541370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23551370.e60: Error (rc=0):
23561370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23571370.e60: Error (rc=0):
23581370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23591370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23601370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23611370.e60: Error (rc=0):
23621370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23631370.e60: Error (rc=0):
23641370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23651370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23661370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23671370.e60: Error (rc=0):
23681370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23691370.e60: Error (rc=0):
23701370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23711370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23721370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23731370.e60: Error (rc=0):
23741370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23751370.e60: Error (rc=0):
23761370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23771370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23781370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23791370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccd6c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
23801370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\WINMM.dll'
23811370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23821370.e60: Error (rc=0):
23831370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23841370.e60: Error (rc=0):
23851370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23861370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23871370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23881370.e60: Error (rc=0):
23891370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23901370.e60: Error (rc=0):
23911370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23921370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23931370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23941370.e60: Error (rc=0):
23951370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
23961370.e60: Error (rc=0):
23971370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
23981370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
23991370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24001370.e60: Error (rc=0):
24011370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24021370.e60: Error (rc=0):
24031370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
24041370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
24051370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24061370.e60: Error (rc=0):
24071370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24081370.e60: Error (rc=0):
24091370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
24101370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
24111370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24121370.e60: Error (rc=0):
24131370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24141370.e60: Error (rc=0):
24151370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
24161370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
24171370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24181370.e60: Error (rc=0):
24191370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
24201370.e60: Error (rc=0):
24211370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
24221370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette