Ticket #16291: VBoxHardening_freezeB.log

File VBoxHardening_freezeB.log, 381.3 KB (added by neumannd, 8 years ago)
Hardening Log file (relating to VBox_freezeB.log)

Line
1	16c.e9c: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	16c.e9c: \SystemRoot\System32\ntdll.dll:
3	16c.e9c: CreationTime: 2010-11-21T03:23:51.351694200Z
4	16c.e9c: LastWriteTime: 2010-11-21T03:23:51.367294200Z
5	16c.e9c: ChangeTime: 2016-09-30T16:27:23.544905100Z
6	16c.e9c: FileAttributes: 0x20
7	16c.e9c: Size: 0x1a6d60
8	16c.e9c: NT Headers: 0xe0
9	16c.e9c: Timestamp: 0x4ce7c8f9
10	16c.e9c: Machine: 0x8664 - amd64
11	16c.e9c: Timestamp: 0x4ce7c8f9
12	16c.e9c: Image Version: 6.1
13	16c.e9c: SizeOfImage: 0x1a9000 (1740800)
14	16c.e9c: Resource Dir: 0x151000 LB 0x560d8
15	16c.e9c: ProductName: Microsoft® Windows® Operating System
16	16c.e9c: ProductVersion: 6.1.7601.17514
17	16c.e9c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
18	16c.e9c: FileDescription: NT Layer DLL
19	16c.e9c: \SystemRoot\System32\kernel32.dll:
20	16c.e9c: CreationTime: 2010-11-21T03:24:07.965723400Z
21	16c.e9c: LastWriteTime: 2010-11-21T03:24:07.981323400Z
22	16c.e9c: ChangeTime: 2016-09-30T16:27:03.155669300Z
23	16c.e9c: FileAttributes: 0x20
24	16c.e9c: Size: 0x11b800
25	16c.e9c: NT Headers: 0xe8
26	16c.e9c: Timestamp: 0x4ce7c78b
27	16c.e9c: Machine: 0x8664 - amd64
28	16c.e9c: Timestamp: 0x4ce7c78b
29	16c.e9c: Image Version: 6.1
30	16c.e9c: SizeOfImage: 0x11f000 (1175552)
31	16c.e9c: Resource Dir: 0x116000 LB 0x528
32	16c.e9c: ProductName: Microsoft® Windows® Operating System
33	16c.e9c: ProductVersion: 6.1.7601.17514
34	16c.e9c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
35	16c.e9c: FileDescription: Windows NT BASE API Client DLL
36	16c.e9c: \SystemRoot\System32\KernelBase.dll:
37	16c.e9c: CreationTime: 2010-11-21T03:24:26.217755400Z
38	16c.e9c: LastWriteTime: 2010-11-21T03:24:26.248955500Z
39	16c.e9c: ChangeTime: 2016-09-30T16:27:03.077669200Z
40	16c.e9c: FileAttributes: 0x20
41	16c.e9c: Size: 0x66800
42	16c.e9c: NT Headers: 0xf0
43	16c.e9c: Timestamp: 0x4ce7c78c
44	16c.e9c: Machine: 0x8664 - amd64
45	16c.e9c: Timestamp: 0x4ce7c78c
46	16c.e9c: Image Version: 6.1
47	16c.e9c: SizeOfImage: 0x6b000 (438272)
48	16c.e9c: Resource Dir: 0x69000 LB 0x530
49	16c.e9c: ProductName: Microsoft® Windows® Operating System
50	16c.e9c: ProductVersion: 6.1.7601.17514
51	16c.e9c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
52	16c.e9c: FileDescription: Windows NT BASE API Client DLL
53	16c.e9c: \SystemRoot\System32\apisetschema.dll:
54	16c.e9c: CreationTime: 2009-07-13T23:18:54.866423200Z
55	16c.e9c: LastWriteTime: 2009-07-14T01:24:53.779000000Z
56	16c.e9c: ChangeTime: 2016-09-30T16:26:47.134441200Z
57	16c.e9c: FileAttributes: 0x20
58	16c.e9c: Size: 0x1a00
59	16c.e9c: NT Headers: 0xc0
60	16c.e9c: Timestamp: 0x4a5bdeab
61	16c.e9c: Machine: 0x8664 - amd64
62	16c.e9c: Timestamp: 0x4a5bdeab
63	16c.e9c: Image Version: 6.1
64	16c.e9c: SizeOfImage: 0x50000 (327680)
65	16c.e9c: Resource Dir: 0x30000 LB 0x3f0
66	16c.e9c: ProductName: Microsoft® Windows® Operating System
67	16c.e9c: ProductVersion: 6.1.7600.16385
68	16c.e9c: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
69	16c.e9c: FileDescription: ApiSet Schema DLL
70	16c.e9c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71	16c.e9c: supR3HardenedWinFindAdversaries: 0x0
72	16c.e9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
73	16c.e9c: Calling main()
74	16c.e9c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
75	16c.e9c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
76	16c.e9c: SUPR3HardenedMain: Respawn #1
77	16c.e9c: System32: \Device\HarddiskVolume2\Windows\System32
78	16c.e9c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
79	16c.e9c: KnownDllPath: C:\Windows\system32
80	16c.e9c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
81	16c.e9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
82	16c.e9c: supR3HardNtEnableThreadCreation:
83	16c.e9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779cc320 pvNtTerminateThread=00000000779f1840
84	16c.e9c: supR3HardenedWinDoReSpawn(1): New child 500.194 [kernel32].
85	16c.e9c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
86	16c.e9c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000779a0000 uNtDllChildAddr=00000000779a0000
87	16c.e9c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779cc320
88	16c.e9c: supR3HardenedWinSetupChildInit: Start child.
89	16c.e9c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
90	16c.e9c: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps
91	16c.e9c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
92	16c.e9c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
93	16c.e9c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
94	16c.e9c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
95	16c.e9c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
96	16c.e9c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
97	16c.e9c: 0000000000041000-fffffffffffd1fff 0x0001/0x0000 0x0000000
98	16c.e9c: *00000000000b0000-fffffffffffb3fff 0x0000/0x0004 0x0020000
99	16c.e9c: 00000000001ac000-00000000001a9fff 0x0104/0x0004 0x0020000
100	16c.e9c: 00000000001ae000-00000000001abfff 0x0004/0x0004 0x0020000
101	16c.e9c: 00000000001b0000-ffffffff889bffff 0x0001/0x0000 0x0000000
102	16c.e9c: *00000000779a0000-00000000779a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
103	16c.e9c: 00000000779a1000-0000000077aa2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
104	16c.e9c: 0000000077aa3000-0000000077ad1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
105	16c.e9c: 0000000077ad2000-0000000077addfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
106	16c.e9c: 0000000077ade000-0000000077b48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
107	16c.e9c: 0000000077b49000-00000000706b1fff 0x0001/0x0000 0x0000000
108	16c.e9c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
109	16c.e9c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
110	16c.e9c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
111	16c.e9c: 000000007fff0000-ffffffffc069ffff 0x0001/0x0000 0x0000000
112	16c.e9c: *000000013f940000-000000013f940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
113	16c.e9c: 000000013f941000-000000013f9affff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
114	16c.e9c: 000000013f9b0000-000000013f9b0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
115	16c.e9c: 000000013f9b1000-000000013f9f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
116	16c.e9c: 000000013f9f6000-000000013f9f6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
117	16c.e9c: 000000013f9f7000-000000013f9f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
118	16c.e9c: 000000013f9f8000-000000013f9fcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
119	16c.e9c: 000000013f9fd000-000000013f9fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
120	16c.e9c: 000000013f9fe000-000000013f9fefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121	16c.e9c: 000000013f9ff000-000000013fa02fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122	16c.e9c: 000000013fa03000-000000013fa4afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123	16c.e9c: 000000013fa4b000-fffff8037f7d5fff 0x0001/0x0000 0x0000000
124	16c.e9c: *000007feffcc0000-000007feffcc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
125	16c.e9c: 000007feffcc1000-000007fdff9d1fff 0x0001/0x0000 0x0000000
126	16c.e9c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
127	16c.e9c: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
128	16c.e9c: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
129	16c.e9c: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
130	16c.e9c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
131	16c.e9c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
132	16c.e9c: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
133	16c.e9c: VirtualBox.exe: timestamp 0x58332496 (rc=VINF_SUCCESS)
134	16c.e9c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
135	16c.e9c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
136	16c.e9c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
137	16c.e9c: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
138	16c.e9c: supR3HardNtEnableThreadCreation:
139	500.194: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
140	500.194: supR3HardenedVmProcessInit: uNtDllAddr=00000000779a0000 g_uNtVerCombined=0x611db100
141	500.194: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
142	500.194: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1740800 allocation)
143	500.194: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
144	500.194: System32: \Device\HarddiskVolume2\Windows\System32
145	500.194: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
146	500.194: KnownDllPath: C:\Windows\system32
147	500.194: supR3HardenedVmProcessInit: Opening vboxdrv stub...
148	500.194: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
149	500.194: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
150	500.194: Registered Dll notification callback with NTDLL.
151	500.194: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
152	500.194: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
153	500.194: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
154	500.194: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
155	500.194: supR3HardenedDllNotificationCallback: load 0000000077880000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
156	500.194: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
157	500.194: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
158	500.194: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
159	500.194: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
160	500.194: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\Windows\system32\kernel32.dll'
161	500.194: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779cc320 pvNtTerminateThread=00000000779f1840
162	16c.e9c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
163	500.194: \SystemRoot\System32\ntdll.dll:
164	500.194: CreationTime: 2010-11-21T03:23:51.351694200Z
165	500.194: LastWriteTime: 2010-11-21T03:23:51.367294200Z
166	500.194: ChangeTime: 2016-09-30T16:27:23.544905100Z
167	500.194: FileAttributes: 0x20
168	500.194: Size: 0x1a6d60
169	500.194: NT Headers: 0xe0
170	500.194: Timestamp: 0x4ce7c8f9
171	500.194: Machine: 0x8664 - amd64
172	500.194: Timestamp: 0x4ce7c8f9
173	500.194: Image Version: 6.1
174	500.194: SizeOfImage: 0x1a9000 (1740800)
175	500.194: Resource Dir: 0x151000 LB 0x560d8
176	500.194: ProductName: Microsoft® Windows® Operating System
177	500.194: ProductVersion: 6.1.7601.17514
178	500.194: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
179	500.194: FileDescription: NT Layer DLL
180	500.194: \SystemRoot\System32\kernel32.dll:
181	500.194: CreationTime: 2010-11-21T03:24:07.965723400Z
182	500.194: LastWriteTime: 2010-11-21T03:24:07.981323400Z
183	500.194: ChangeTime: 2016-09-30T16:27:03.155669300Z
184	500.194: FileAttributes: 0x20
185	500.194: Size: 0x11b800
186	500.194: NT Headers: 0xe8
187	500.194: Timestamp: 0x4ce7c78b
188	500.194: Machine: 0x8664 - amd64
189	500.194: Timestamp: 0x4ce7c78b
190	500.194: Image Version: 6.1
191	500.194: SizeOfImage: 0x11f000 (1175552)
192	500.194: Resource Dir: 0x116000 LB 0x528
193	500.194: ProductName: Microsoft® Windows® Operating System
194	500.194: ProductVersion: 6.1.7601.17514
195	500.194: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
196	500.194: FileDescription: Windows NT BASE API Client DLL
197	500.194: \SystemRoot\System32\KernelBase.dll:
198	500.194: CreationTime: 2010-11-21T03:24:26.217755400Z
199	500.194: LastWriteTime: 2010-11-21T03:24:26.248955500Z
200	500.194: ChangeTime: 2016-09-30T16:27:03.077669200Z
201	500.194: FileAttributes: 0x20
202	500.194: Size: 0x66800
203	500.194: NT Headers: 0xf0
204	500.194: Timestamp: 0x4ce7c78c
205	500.194: Machine: 0x8664 - amd64
206	500.194: Timestamp: 0x4ce7c78c
207	500.194: Image Version: 6.1
208	500.194: SizeOfImage: 0x6b000 (438272)
209	500.194: Resource Dir: 0x69000 LB 0x530
210	500.194: ProductName: Microsoft® Windows® Operating System
211	500.194: ProductVersion: 6.1.7601.17514
212	500.194: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
213	500.194: FileDescription: Windows NT BASE API Client DLL
214	500.194: \SystemRoot\System32\apisetschema.dll:
215	500.194: CreationTime: 2009-07-13T23:18:54.866423200Z
216	500.194: LastWriteTime: 2009-07-14T01:24:53.779000000Z
217	500.194: ChangeTime: 2016-09-30T16:26:47.134441200Z
218	500.194: FileAttributes: 0x20
219	500.194: Size: 0x1a00
220	500.194: NT Headers: 0xc0
221	500.194: Timestamp: 0x4a5bdeab
222	500.194: Machine: 0x8664 - amd64
223	500.194: Timestamp: 0x4a5bdeab
224	500.194: Image Version: 6.1
225	500.194: SizeOfImage: 0x50000 (327680)
226	500.194: Resource Dir: 0x30000 LB 0x3f0
227	500.194: ProductName: Microsoft® Windows® Operating System
228	500.194: ProductVersion: 6.1.7600.16385
229	500.194: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
230	500.194: FileDescription: ApiSet Schema DLL
231	500.194: NtOpenDirectoryObject failed on \Driver: 0xc0000022
232	500.194: supR3HardenedWinFindAdversaries: 0x0
233	500.194: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
234	500.194: Calling main()
235	500.194: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
236	500.194: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
237	500.194: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
238	500.194: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
239	500.194: SUPR3HardenedMain: Respawn #2
240	500.194: supR3HardNtEnableThreadCreation:
241	500.194: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
242	500.194: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
243	500.194: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
244	500.194: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
245	500.194: supR3HardenedDllNotificationCallback: load 000007fefd7c0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
246	500.194: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
247	500.194: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\apphelp.dll'
248	500.194: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779cc320 pvNtTerminateThread=00000000779f1840
249	500.194: supR3HardenedWinDoReSpawn(2): New child cd8.c20 [kernel32].
250	500.194: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
251	500.194: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000779a0000 uNtDllChildAddr=00000000779a0000
252	500.194: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779cc320
253	500.194: supR3HardenedWinSetupChildInit: Start child.
254	500.194: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
255	500.194: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps
256	500.194: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
257	500.194: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
258	500.194: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
259	500.194: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
260	500.194: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
261	500.194: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
262	500.194: 0000000000041000-ffffffffffea1fff 0x0001/0x0000 0x0000000
263	500.194: *00000000001e0000-00000000000e3fff 0x0000/0x0004 0x0020000
264	500.194: 00000000002dc000-00000000002d9fff 0x0104/0x0004 0x0020000
265	500.194: 00000000002de000-00000000002dbfff 0x0004/0x0004 0x0020000
266	500.194: 00000000002e0000-ffffffff88c1ffff 0x0001/0x0000 0x0000000
267	500.194: *00000000779a0000-00000000779a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
268	500.194: 00000000779a1000-0000000077aa2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
269	500.194: 0000000077aa3000-0000000077ad1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
270	500.194: 0000000077ad2000-0000000077addfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
271	500.194: 0000000077ade000-0000000077b48fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
272	500.194: 0000000077b49000-00000000706b1fff 0x0001/0x0000 0x0000000
273	500.194: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
274	500.194: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
275	500.194: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
276	500.194: 000000007fff0000-ffffffffc069ffff 0x0001/0x0000 0x0000000
277	500.194: *000000013f940000-000000013f940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
278	500.194: 000000013f941000-000000013f9affff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
279	500.194: 000000013f9b0000-000000013f9b0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
280	500.194: 000000013f9b1000-000000013f9f5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
281	500.194: 000000013f9f6000-000000013f9f6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
282	500.194: 000000013f9f7000-000000013f9f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
283	500.194: 000000013f9f8000-000000013f9fcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
284	500.194: 000000013f9fd000-000000013f9fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
285	500.194: 000000013f9fe000-000000013f9fefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
286	500.194: 000000013f9ff000-000000013fa02fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
287	500.194: 000000013fa03000-000000013fa4afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
288	500.194: 000000013fa4b000-fffff8037f7d5fff 0x0001/0x0000 0x0000000
289	500.194: *000007feffcc0000-000007feffcc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
290	500.194: 000007feffcc1000-000007fdff9d1fff 0x0001/0x0000 0x0000000
291	500.194: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
292	500.194: 000007fffffd3000-000007fffffd0fff 0x0001/0x0000 0x0000000
293	500.194: *000007fffffd5000-000007fffffd3fff 0x0004/0x0004 0x0020000
294	500.194: 000007fffffd6000-000007fffffcdfff 0x0001/0x0000 0x0000000
295	500.194: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
296	500.194: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
297	500.194: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
298	500.194: VirtualBox.exe: timestamp 0x58332496 (rc=VINF_SUCCESS)
299	500.194: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
300	500.194: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
301	500.194: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
302	500.194: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
303	500.194: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000)
304	500.194: supR3HardNtEnableThreadCreation:
305	cd8.c20: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
306	cd8.c20: supR3HardenedVmProcessInit: uNtDllAddr=00000000779a0000 g_uNtVerCombined=0x611db100
307	cd8.c20: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
308	cd8.c20: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1740800 allocation)
309	cd8.c20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
310	cd8.c20: System32: \Device\HarddiskVolume2\Windows\System32
311	cd8.c20: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
312	cd8.c20: KnownDllPath: C:\Windows\system32
313	cd8.c20: supR3HardenedVmProcessInit: Opening vboxdrv...
314	cd8.c20: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
315	cd8.c20: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
316	cd8.c20: Registered Dll notification callback with NTDLL.
317	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
318	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
319	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
320	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
321	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000077880000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
322	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
323	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
324	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
325	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
326	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\Windows\system32\kernel32.dll'
327	cd8.c20: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779cc320 pvNtTerminateThread=00000000779f1840
328	500.194: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
329	cd8.c20: \SystemRoot\System32\ntdll.dll:
330	cd8.c20: CreationTime: 2010-11-21T03:23:51.351694200Z
331	cd8.c20: LastWriteTime: 2010-11-21T03:23:51.367294200Z
332	cd8.c20: ChangeTime: 2016-09-30T16:27:23.544905100Z
333	cd8.c20: FileAttributes: 0x20
334	cd8.c20: Size: 0x1a6d60
335	cd8.c20: NT Headers: 0xe0
336	cd8.c20: Timestamp: 0x4ce7c8f9
337	cd8.c20: Machine: 0x8664 - amd64
338	cd8.c20: Timestamp: 0x4ce7c8f9
339	cd8.c20: Image Version: 6.1
340	cd8.c20: SizeOfImage: 0x1a9000 (1740800)
341	cd8.c20: Resource Dir: 0x151000 LB 0x560d8
342	cd8.c20: ProductName: Microsoft® Windows® Operating System
343	cd8.c20: ProductVersion: 6.1.7601.17514
344	cd8.c20: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
345	cd8.c20: FileDescription: NT Layer DLL
346	cd8.c20: \SystemRoot\System32\kernel32.dll:
347	cd8.c20: CreationTime: 2010-11-21T03:24:07.965723400Z
348	cd8.c20: LastWriteTime: 2010-11-21T03:24:07.981323400Z
349	cd8.c20: ChangeTime: 2016-09-30T16:27:03.155669300Z
350	cd8.c20: FileAttributes: 0x20
351	cd8.c20: Size: 0x11b800
352	cd8.c20: NT Headers: 0xe8
353	cd8.c20: Timestamp: 0x4ce7c78b
354	cd8.c20: Machine: 0x8664 - amd64
355	cd8.c20: Timestamp: 0x4ce7c78b
356	cd8.c20: Image Version: 6.1
357	cd8.c20: SizeOfImage: 0x11f000 (1175552)
358	cd8.c20: Resource Dir: 0x116000 LB 0x528
359	cd8.c20: ProductName: Microsoft® Windows® Operating System
360	cd8.c20: ProductVersion: 6.1.7601.17514
361	cd8.c20: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
362	cd8.c20: FileDescription: Windows NT BASE API Client DLL
363	cd8.c20: \SystemRoot\System32\KernelBase.dll:
364	cd8.c20: CreationTime: 2010-11-21T03:24:26.217755400Z
365	cd8.c20: LastWriteTime: 2010-11-21T03:24:26.248955500Z
366	cd8.c20: ChangeTime: 2016-09-30T16:27:03.077669200Z
367	cd8.c20: FileAttributes: 0x20
368	cd8.c20: Size: 0x66800
369	cd8.c20: NT Headers: 0xf0
370	cd8.c20: Timestamp: 0x4ce7c78c
371	cd8.c20: Machine: 0x8664 - amd64
372	cd8.c20: Timestamp: 0x4ce7c78c
373	cd8.c20: Image Version: 6.1
374	cd8.c20: SizeOfImage: 0x6b000 (438272)
375	cd8.c20: Resource Dir: 0x69000 LB 0x530
376	cd8.c20: ProductName: Microsoft® Windows® Operating System
377	cd8.c20: ProductVersion: 6.1.7601.17514
378	cd8.c20: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
379	cd8.c20: FileDescription: Windows NT BASE API Client DLL
380	cd8.c20: \SystemRoot\System32\apisetschema.dll:
381	cd8.c20: CreationTime: 2009-07-13T23:18:54.866423200Z
382	cd8.c20: LastWriteTime: 2009-07-14T01:24:53.779000000Z
383	cd8.c20: ChangeTime: 2016-09-30T16:26:47.134441200Z
384	cd8.c20: FileAttributes: 0x20
385	cd8.c20: Size: 0x1a00
386	cd8.c20: NT Headers: 0xc0
387	cd8.c20: Timestamp: 0x4a5bdeab
388	cd8.c20: Machine: 0x8664 - amd64
389	cd8.c20: Timestamp: 0x4a5bdeab
390	cd8.c20: Image Version: 6.1
391	cd8.c20: SizeOfImage: 0x50000 (327680)
392	cd8.c20: Resource Dir: 0x30000 LB 0x3f0
393	cd8.c20: ProductName: Microsoft® Windows® Operating System
394	cd8.c20: ProductVersion: 6.1.7600.16385
395	cd8.c20: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
396	cd8.c20: FileDescription: ApiSet Schema DLL
397	cd8.c20: NtOpenDirectoryObject failed on \Driver: 0xc0000022
398	cd8.c20: supR3HardenedWinFindAdversaries: 0x0
399	cd8.c20: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
400	cd8.c20: Calling main()
401	cd8.c20: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
402	cd8.c20: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
403	cd8.c20: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
404	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
405	cd8.c20: SUPR3HardenedMain: Final process, opening VBoxDrv...
406	cd8.c20: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
407	cd8.c20: supR3HardNtEnableThreadCreation:
408	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
409	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
410	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
411	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
412	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefc830000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
413	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
414	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
415	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
416	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc830000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
417	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
418	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
419	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc830000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
420	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc830000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
421	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
422	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
423	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
424	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
425	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
426	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
427	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
428	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
429	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
430	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
431	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
432	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
433	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
434	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
435	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
436	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
437	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
438	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
439	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
440	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
441	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
442	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
443	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
444	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
445	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
446	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
447	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
448	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
449	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
450	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
451	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
452	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
453	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd9a0000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
454	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
455	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdf00000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
456	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
457	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefda50000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
458	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
459	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
460	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
461	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff000000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
462	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
463	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9a0000 'C:\Windows\system32\Wintrust.dll'
464	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
465	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
466	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
467	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
468	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
469	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
470	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\bcrypt.dll'
471	cd8.c20: bcrypt.dll loaded at 000007fefd310000, BCryptOpenAlgorithmProvider at 000007fefd312640, preloading providers:
472	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
473	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
474	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
475	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
476	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
477	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
478	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
479	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
480	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
481	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
482	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
483	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
484	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
485	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
486	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
487	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
488	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
489	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
490	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
491	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
492	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
493	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefce00000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
494	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
495	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff9d0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
496	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
497	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
498	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
499	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
500	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
501	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff8a0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
502	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
503	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce00000 'C:\Windows\system32\bcryptprimitives.dll'
504	cd8.c20: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000082a650)
505	cd8.c20: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000082d510)
506	cd8.c20: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000082d630)
507	cd8.c20: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000082d840)
508	cd8.c20: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000082d960)
509	cd8.c20: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000082da80)
510	cd8.c20: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000082dcc0)
511	cd8.c20: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000082dde0)
512	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
513	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
514	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
515	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
516	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
517	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
518	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
519	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
520	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
521	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
522	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd1c0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
523	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
524	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1c0000 'C:\Windows\system32\CRYPTSP.dll'
525	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
526	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
527	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
528	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
529	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
530	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
531	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
532	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
533	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefcec0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
534	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
535	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcec0000 'C:\Windows\system32\rsaenh.dll'
536	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
537	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
538	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
539	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
540	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
541	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
542	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
543	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd820000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
544	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
545	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd820000 'C:\Windows\system32\CRYPTBASE.dll'
546	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
547	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
548	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\Windows\system32\kernel32.dll'
549	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
550	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
551	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9a0000 'C:\Windows\system32\WINTRUST.DLL'
552	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
553	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
554	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\CRYPT32.dll'
555	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
556	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
557	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
558	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
559	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
560	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
561	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
562	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
563	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff9a0000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
564	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
565	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9a0000 'C:\Windows\system32\imagehlp.dll'
566	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
567	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
568	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1c0000 'C:\Windows\system32\CRYPTSP.dll'
569	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
570	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
571	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
572	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
573	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
574	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
575	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
576	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
577	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
578	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
579	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
580	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
581	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
582	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
583	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
584	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
585	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
586	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
587	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
588	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
589	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
590	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
591	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
592	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
593	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
594	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
595	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
596	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
597	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
598	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
599	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
600	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
601	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
602	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
603	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
604	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
605	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
606	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
607	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
608	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
609	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
610	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
611	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
612	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000077780000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
613	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
614	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff130000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
615	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
616	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff9c0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
617	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
618	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefe100000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
619	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
620	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
621	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
622	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff130000 'C:\Windows\system32\gdi32.dll'
623	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
624	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
625	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
626	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
627	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
628	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
629	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
630	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
631	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
632	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
633	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
634	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
635	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
636	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
637	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
638	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
639	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
640	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
641	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
642	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
643	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
644	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
645	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
646	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
647	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
648	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
649	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
650	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
651	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
652	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
653	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
654	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
655	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
656	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feffc80000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
657	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
658	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdff0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
659	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
660	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc80000 'C:\Windows\system32\IMM32.DLL'
661	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'psapi.dll'.
662	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
663	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL)
664	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL
665	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
666	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
667	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
668	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
669	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
670	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
671	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
672	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
673	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL [lacks WinVerifyTrust]
674	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000075690000 LB 0x00039000 C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [fFlags=0x0]
675	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL [lacks WinVerifyTrust]
676	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000077b70000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
677	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [lacks WinVerifyTrust]
678	cd8.c20: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
679	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
680	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
681	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
682	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000779a0000 'C:\Windows\system32\ntdll.dll'
683	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000075690000 'C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL'
684	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077780000 'C:\Windows\system32\USER32.dll'
685	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
686	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
687	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
688	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
689	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
690	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
691	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
692	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
693	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
694	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
695	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
696	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
697	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
698	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
699	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
700	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
701	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd340000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
702	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
703	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd340000 'C:\Windows\system32\ncrypt.dll'
704	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
705	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
706	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\bcrypt.dll'
707	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
708	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
709	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
710	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
711	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
712	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
713	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
714	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
715	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
716	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
717	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
718	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
719	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
720	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
721	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
722	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
723	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
724	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
725	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
726	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
727	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
728	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
729	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
730	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
731	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd8f0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
732	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
733	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\USERENV.dll'
734	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
735	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
736	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
737	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
738	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
739	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
740	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
741	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
742	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
743	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
744	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
745	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
746	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
747	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
748	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
749	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
750	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
751	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
752	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\GPAPI.dll'
753	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
754	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
755	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
756	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
757	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff000000 'C:\Windows\system32\rpcrt4.dll'
758	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
759	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
760	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
761	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
762	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
763	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
764	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
765	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
766	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
767	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
768	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
769	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
770	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
771	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
772	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
773	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
774	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
775	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
776	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
777	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
778	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
779	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
780	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
781	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
782	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
783	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feeefd0000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
784	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdea0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
786	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
787	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
789	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
790	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
792	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
793	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
795	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
796	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
797	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
798	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
799	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
800	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
801	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
802	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
803	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
804	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
805	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
806	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
807	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
808	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
809	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
810	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
811	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
812	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
813	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
814	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
815	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
816	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
817	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
818	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
819	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
820	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
821	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
822	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
823	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
824	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
825	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
826	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
827	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
828	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
829	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
830	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
831	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
832	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff3a0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
833	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
834	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'C:\Windows\system32\SHLWAPI.dll'
835	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
836	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
837	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
838	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
839	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8f0000 'C:\Windows\system32\profapi.dll'
840	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
841	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
842	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
843	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
844	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
845	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
846	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
847	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
848	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
849	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
850	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
851	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
852	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
853	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
854	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
855	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
856	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
857	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
858	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
859	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
860	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
861	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
862	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
863	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
864	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
865	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
866	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
867	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
868	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
869	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
870	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
871	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
872	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
873	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
874	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
875	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
876	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
877	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
878	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
879	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
880	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
881	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
882	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
883	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
884	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
885	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
886	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
887	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
888	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
889	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
890	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
891	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
892	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
893	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
894	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
895	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
896	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
897	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
898	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
899	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
900	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
901	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
902	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
903	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
904	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
905	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
906	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
907	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
908	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
909	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
910	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
911	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
912	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
913	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
914	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
915	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
916	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
917	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
918	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
919	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
920	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
921	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
922	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
923	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
924	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
925	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
926	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
927	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
928	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
929	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
930	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
931	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
932	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdcc0000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
933	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
934	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdbc0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
935	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
936	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff8c0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
937	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
938	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff680000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
939	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
940	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
941	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
942	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
943	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
944	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\setupapi.dll'
945	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
946	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
947	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
948	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
949	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
950	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
951	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
952	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
953	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefbf50000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
954	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
955	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf50000 'C:\Windows\system32\Cabinet.dll'
956	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
957	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
958	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
959	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
960	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
961	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
962	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
963	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
964	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefcc40000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
965	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
966	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\DEVRTL.dll'
967	cd8.c20: supR3HardenedDllNotificationCallback: Unload 000007fefdcc0000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
968	cd8.c20: supR3HardenedDllNotificationCallback: Unload 000007fefdca0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
969	cd8.c20: supR3HardenedDllNotificationCallback: Unload 000007feff8c0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
970	cd8.c20: supR3HardenedDllNotificationCallback: Unload 000007feff680000 LB 0x00203000 C:\Windows\system32\ole32.dll [flags=0x0]
971	cd8.c20: supR3HardenedDllNotificationCallback: Unload 000007fefdbc0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
972	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
973	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeefd0000 'C:\Windows\system32\cryptnet.dll'
974	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
975	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000825280
976	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
977	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6463B603CF12442718467D754A1EDC45CE1D6E7E
978	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
979	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
980	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
981	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
982	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
983	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
984	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
985	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
986	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
987	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
988	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
989	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
990	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
991	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll'
992	cd8.c20: g_pfnWinVerifyTrust=000007fefd9a1010
993	cd8.c20: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
994	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
995	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
996	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
997	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=766DAE0DAEDFFD0DB96611658C619DD5922D2FEC
998	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
999	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1000	cd8.c20: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1001	cd8.c20: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1002	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1003	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1004	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1005	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D9B442D9CC38B2D0501106E104A42A4EE0B238
1006	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1007	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1008	cd8.c20: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1009	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f8 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
1010	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1011	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1012	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
1013	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1014	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1015	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1016	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ec pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
1017	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1018	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1019	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
1020	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
1021	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1022	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
1023	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1024	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1025	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1026	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1027	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1028	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1029	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1030	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1031	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1032	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1033	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1034	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1035	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1036	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1037	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1038	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1039	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1040	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26A5C3FE898CBD66951D3BC65E742E0BE561E69B
1041	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1042	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1043	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1044	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1045	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1046	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1047	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1048	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1049	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1050	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1051	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1052	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1053	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1054	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1055	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1056	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1057	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1058	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1059	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1060	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1061	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1062	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1063	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1064	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1065	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1066	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1067	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1068	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1069	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1070	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1071	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1072	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1073	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1074	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1075	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
1076	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1077	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1078	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1079	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000264 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1080	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1081	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1082	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1083	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1084	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1085	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1086	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1087	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1088	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1089	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1090	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1091	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1092	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1093	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1094	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1095	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1096	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1097	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1098	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1099	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1100	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1101	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1102	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1103	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B
1104	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1105	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1106	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1107	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntdll.dll'
1108	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
1109	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1110	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1111	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
1112	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
1113	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1114	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll'
1115	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\SOPHOS~2.DLL'
1116	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1117	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1118	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1119	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1120	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1121	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1122	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1123	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1124	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1125	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1126	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1127	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1128	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1129	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1130	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1131	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1132	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1133	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
1134	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1135	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1136	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1137	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1138	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1139	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1140	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
1141	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1142	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1143	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1144	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1145	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1146	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1147	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
1148	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1149	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1150	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1151	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1152	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1153	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1154	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1155	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1156	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1157	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1158	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1159	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1160	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1161	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE89CF1060867A10BD3963894BCDB4D3058F804
1162	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1163	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1164	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1165	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1166	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1167	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1168	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1169	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1170	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1171	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1172	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1173	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1174	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1175	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1176	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1177	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1178	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1179	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1180	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1181	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1182	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1183	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1184	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1185	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1186	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1187	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1188	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1189	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1190	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
1191	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1192	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1193	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1194	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1195	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1196	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1197	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1198	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1199	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1200	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1201	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1202	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1203	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1204	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1205	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBEAC8C0FA88C88B540ACFE0683B1810C077AA53
1206	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1207	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1208	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1209	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1210	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1211	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1212	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1213	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1214	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1215	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1216	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1217	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1218	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1219	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C
1220	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1221	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1222	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1223	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1224	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1225	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1226	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1227	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06FEC3C858DB28D2F4BFBDA99AF14D4747A8C5D4
1228	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1229	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1230	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1231	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1232	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1233	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1234	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7AE634A00F24BBD4AE27DEA9BCCCE222DE9897B
1235	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1236	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1237	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1238	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1239	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1240	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\crypt32.dll'
1241	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1242	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1243	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1244	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1245	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1246	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1247	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1248	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1249	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1250	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1251	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1252	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1253	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1254	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1255	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1256	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1257	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1258	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1259	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1260	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1261	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1262	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1263	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1264	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1265	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1266	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1267	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1268	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x4e0837025983be00 CN=IOW intern CA
1269	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0x59f05dce42dfdb00 DC=de, DC=io-warnemuende, CN=IOWinternCA
1270	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xb9cace4366d5ba00 DC=de, DC=io-warnemuende, CN=IOW intern CA
1271	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xa5a4965db4f8d300 DC=de, DC=io-warnemuende, CN=IOW intern CA
1272	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xcab00050368ed700 DC=de, DC=io-warnemuende, CN=Institut fuer Ostseeforschung
1273	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xf08c181e2d75cb00 DC=de, DC=io-warnemuende, CN=IOW intern CA
1274	cd8.c20: supR3HardenedWinIsDesiredRootCA: Adding 0xb326aa576d94e800 DC=de, DC=io-warnemuende, CN=IOW INTERN CA
1275	cd8.c20: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=34
1276	cd8.c20: SUPR3HardenedMain: Load Runtime...
1277	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1278	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1279	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1280	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1281	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1282	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1283	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1284	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1285	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1286	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1287	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1288	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1289	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1290	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1291	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1292	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1293	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1294	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1295	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1296	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1297	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1298	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1299	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1300	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1301	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1302	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1303	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1304	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1305	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1306	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1307	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1308	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1309	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1310	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1311	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1312	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003d8 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1313	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1314	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1315	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1316	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1317	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1318	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1319	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1320	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1321	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1322	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1323	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1324	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1325	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1326	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feede20000 LB 0x00527000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1327	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1328	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1329	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000070910000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1330	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1331	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1332	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000070870000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1333	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1334	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdfa0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1335	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1336	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff890000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1337	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1338	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1339	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1340	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1341	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1342	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1343	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1344	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1345	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1346	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1347	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1348	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1349	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1350	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1351	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1352	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1353	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1354	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1355	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1356	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1357	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1359	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1360	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1362	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1363	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1364	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1365	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1366	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1367	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1368	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1369	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1370	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1371	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1373	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1374	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1375	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1376	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1377	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1378	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1379	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1380	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1381	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1382	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1383	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1384	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1385	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1386	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede20000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1387	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1388	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1389	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9a0000 'C:\Windows\system32\Wintrust.dll'
1390	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1391	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1392	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda50000 'C:\Windows\system32\crypt32.dll'
1393	cd8.c20: SUPR3HardenedMain: Load TrustedMain...
1394	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1395	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1396	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1397	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1398	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1399	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1400	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1401	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1402	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1403	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1404	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1405	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1406	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1407	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1408	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1409	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1410	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1411	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1412	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1413	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1414	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1415	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1416	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1417	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1418	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1419	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1420	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1421	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1422	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1423	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1424	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1425	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1426	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1427	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1428	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1429	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1430	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1431	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1432	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1433	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1434	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCF00DB9BBECF4126AB4076577BBA73C0F94BDF9
1435	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1436	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1437	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1438	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1439	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1440	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1441	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1442	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1443	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1444	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1445	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1446	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1447	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1448	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1449	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1450	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1451	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1452	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1453	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1454	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1455	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1456	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1457	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1458	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1459	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1460	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1461	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1462	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1463	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1464	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1465	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1466	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1467	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1468	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1469	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1470	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1471	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1472	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1473	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1474	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1475	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1476	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1477	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1478	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1479	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1480	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1481	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1482	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1483	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1484	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1485	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1486	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1487	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1488	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1489	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1490	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1491	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1492	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1493	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1494	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1495	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1496	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1497	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1498	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1499	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1500	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1501	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1502	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1503	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1504	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1505	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1506	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1507	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1508	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1509	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1510	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1511	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1512	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1513	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1514	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1515	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1516	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1517	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1518	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1519	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1520	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1521	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1522	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1523	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1524	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1525	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1526	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1528	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1529	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1530	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1531	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1532	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1533	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1534	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1535	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1536	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1537	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1538	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1539	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1540	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1541	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1542	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1543	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1544	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1545	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1546	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1547	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1548	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1549	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1550	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1551	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1552	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1553	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1554	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1555	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1556	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1557	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1558	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1559	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1560	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1561	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1562	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1563	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1564	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1565	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1566	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1567	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1568	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1569	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1570	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1571	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1572	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1573	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1574	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1575	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1576	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1577	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1578	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1579	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1580	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1581	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1582	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1583	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1584	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1585	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1586	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1587	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1588	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1589	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1590	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1591	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1592	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1593	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1594	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1595	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1596	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1597	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1598	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1599	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1600	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1601	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1602	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1603	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1604	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1605	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1606	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1607	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1608	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1609	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1610	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1611	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1612	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1613	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1614	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1615	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1616	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1617	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1618	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1619	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1620	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1621	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1622	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1623	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1624	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1625	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1626	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1627	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1628	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1629	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1630	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1631	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1632	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1633	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1634	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1635	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1636	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1637	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1638	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1639	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1640	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1641	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1642	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1643	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1644	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1645	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1646	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1647	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1648	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1649	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1650	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1651	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1652	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1653	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1654	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1655	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1656	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1657	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1658	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1659	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1660	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1661	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1662	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1663	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1664	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1665	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1666	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1667	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1668	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1669	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1670	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1671	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1672	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1673	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1674	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1675	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1676	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1677	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1678	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1679	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1680	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1681	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1682	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1683	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1684	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1685	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1686	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1687	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1688	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1689	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1690	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1691	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1692	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1693	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1694	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1695	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1696	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1697	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1698	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1699	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1700	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1701	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1702	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1703	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1704	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1705	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1706	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1707	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1708	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1709	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1710	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1711	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1712	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1713	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1714	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1715	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1716	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1717	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
1718	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1719	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1720	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1721	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1722	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1723	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1724	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1725	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1726	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1727	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1728	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1729	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1730	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1731	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1732	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1733	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1734	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1735	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1736	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1737	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1738	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1739	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1740	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1741	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1742	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1743	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1744	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1745	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1746	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1747	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1748	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1749	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1750	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1751	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1752	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1753	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1754	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1755	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1756	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1757	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1758	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1759	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1760	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1761	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1762	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1763	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1764	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
1765	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1766	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1767	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1768	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1769	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1770	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1771	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1772	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1773	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1774	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1775	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1776	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1777	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1778	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1779	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1780	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1781	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1782	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1783	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1784	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1785	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1786	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1787	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1788	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1789	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1790	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1791	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1792	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1793	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1794	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1795	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1796	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1797	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1798	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feed530000 LB 0x008e6000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1799	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1800	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1801	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feee750000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1802	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1803	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1804	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefc780000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1805	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1806	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1807	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feee650000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1808	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1809	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1810	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefc820000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1811	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1812	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdcc0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1813	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1814	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdbc0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1815	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1816	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff8c0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1817	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1818	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feff680000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1819	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1820	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1821	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1822	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1823	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefbc40000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1824	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1825	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1826	cd8.c20: supR3HardenedDllNotificationCallback: load 000000006d2d0000 LB 0x00566000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1827	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1828	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefe1d0000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1829	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1830	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1831	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef9d60000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1832	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1833	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1834	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feecf30000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1835	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1836	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1837	cd8.c20: supR3HardenedDllNotificationCallback: load 000000006c760000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1838	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1839	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1840	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feeebf0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1841	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1842	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1843	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef9ce0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1844	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1845	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefef60000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1846	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1847	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1848	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1849	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1850	cd8.c20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
1851	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
1852	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef9820000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
1853	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
1854	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1855	cd8.c20: supR3HardenedDllNotificationCallback: load 0000000070810000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1856	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1857	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1858	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefb580000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1859	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1860	cd8.c20: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'.
1861	cd8.c20: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [rescheduled]
1862	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1863	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1864	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1865	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1866	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1867	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1868	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1869	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1870	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1871	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1872	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc80000 'C:\Windows\system32\imm32.dll'
1873	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.DLL'
1874	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1875	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1876	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd820000 'C:\Windows\system32\cryptbase.dll'
1877	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed530000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1878	cd8.c20: SUPR3HardenedMain: Calling TrustedMain (000007feed531610)...
1879	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1880	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1881	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff680000 'C:\Windows\system32\ole32.dll'
1882	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
1883	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1884	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1885	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8f0000 'C:\Windows\system32\profapi.dll'
1886	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1887	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1888	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1889	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1890	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1891	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1892	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1893	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1894	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1895	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1896	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1897	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1898	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1899	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1900	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1901	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1902	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1903	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1904	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1905	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1906	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1907	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1908	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1909	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1910	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1911	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1912	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1913	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1914	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1915	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1916	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1917	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1918	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1919	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1920	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1921	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1922	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1923	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1924	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1925	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1926	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1927	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1928	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1929	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1930	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feece00000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1931	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1932	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feece00000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1933	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1934	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1935	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd820000 'C:\Windows\system32\CRYPTBASE.dll'
1936	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1937	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1938	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1939	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1940	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1941	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1942	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1943	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1944	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1945	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1946	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1947	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1948	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1949	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1950	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1951	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1952	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1953	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a03b0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1954	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1955	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefc290000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1956	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1957	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\uxtheme.dll'
1958	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1959	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a03b0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1960	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\uxtheme.dll'
1961	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1962	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a03b0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1963	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\uxtheme.dll'
1964	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1965	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a03b0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1966	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\uxtheme.dll'
1967	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077780000 'C:\Windows\system32\user32.dll'
1968	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1969	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1970	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
1971	cd8.c20: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1972	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1973	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1974	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1975	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1976	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc40000 'C:\Windows\system32\dwmapi.dll'
1977	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1978	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1979	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\winmm.dll'
1980	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1981	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1982	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\winmm.dll'
1983	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1984	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1985	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
1986	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1987	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1988	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc290000 'C:\Windows\system32\uxtheme.dll'
1989	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\advapi32.dll'
1990	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1991	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1992	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\userenv.dll'
1993	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1994	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
1995	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'C:\Windows\system32\kernel32.dll'
1996	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1997	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
1998	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
1999	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2000	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2001	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2002	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2003	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2004	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2005	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2006	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2007	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2008	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2009	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2010	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2011	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2012	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2013	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2014	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2015	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2016	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2017	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2018	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2019	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2020	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2021	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2022	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2023	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2024	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2025	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2026	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2027	cd8.c20: supR3HardenedDllNotificationCallback: load 000007feffbe0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2028	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2029	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffbe0000 'C:\Windows\system32\CLBCatQ.DLL'
2030	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
2031	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2032	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2033	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1c0000 'C:\Windows\system32\CRYPTSP.dll'
2034	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000568 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2035	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2036	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2037	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2038	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2039	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2040	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2041	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2042	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2043	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2044	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2045	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2046	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2047	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefd830000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2048	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2049	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd830000 'C:\Windows\system32\RpcRtRemote.dll'
2050	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2051	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2052	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2053	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2054	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2055	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2056	cd8.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2057	cd8.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2058	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2059	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2060	cd8.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2061	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2062	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2063	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2064	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2065	cd8.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2066	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2067	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2068	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2069	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2070	cd8.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2071	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2072	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2073	cd8.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2074	cd8.1098: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2075	cd8.1098: supR3HardenedDllNotificationCallback: load 000007feec900000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2076	cd8.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2077	cd8.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec900000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2078	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2079	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2080	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2081	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2082	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2083	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2084	cd8.1098: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2085	cd8.1098: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2086	cd8.1098: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2087	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2088	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2089	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2090	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2091	cd8.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2092	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2093	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2094	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2095	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2096	cd8.1098: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2097	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2098	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2099	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2100	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2101	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2102	cd8.1098: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2103	cd8.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2104	cd8.1098: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2105	cd8.1098: supR3HardenedDllNotificationCallback: load 000007feee8d0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2106	cd8.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2107	cd8.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee8d0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2108	cd8.1098: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2109	cd8.1098: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a03b0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2110	cd8.1098: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'C:\Windows\system32\oleaut32.dll'
2111	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
2112	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff130000 'C:\Windows\system32\gdi32.dll'
2113	cd8.ed8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2114	cd8.ed8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2115	cd8.ed8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
2116	cd8.ed8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2117	cd8.ed8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2118	cd8.ed8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2119	cd8.ed8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2120	cd8.ed8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2121	cd8.ed8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2122	cd8.ed8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2123	cd8.ed8: supR3HardenedDllNotificationCallback: load 000007fefc7c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2124	cd8.ed8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2125	cd8.ed8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
2126	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2127	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2128	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2129	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2130	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2131	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2132	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2133	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2134	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
2135	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff680000 'C:\Windows\system32\ole32.dll'
2136	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2137	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008a0dd0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2138	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdff0000 'C:\Windows\system32\MSCTF.dll'
2139	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2140	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2141	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\WINMM.dll'
2142	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'C:\Windows\system32\OLEAUT32.DLL'
2143	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2144	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
2145	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff680000 'C:\Windows\system32\ole32.dll'
2146	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'C:\Windows\system32\OLEAUT32.dll'
2147	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000914 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2148	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2149	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2150	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2151	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2152	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2153	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2154	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2155	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2156	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2157	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2158	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2159	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2160	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2161	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2162	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2163	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2164	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2165	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2166	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2167	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2168	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2169	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2170	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2171	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2172	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000918 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2173	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2174	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2175	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2176	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
2177	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2178	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2179	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2180	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2181	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2182	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2183	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
2184	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2185	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2186	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2187	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2188	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2189	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2190	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2191	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2192	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2193	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2194	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2195	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2196	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2197	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2198	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002df4c30:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2199	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2200	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef95a0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2201	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2202	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2203	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef9510000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2204	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2205	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2206	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2207	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef95a0000 'C:\Windows\system32\wbem\wbemprox.dll'
2208	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000940 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2209	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2210	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2211	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2212	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2213	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2214	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2215	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2216	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2217	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2218	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2219	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2220	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2221	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2222	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2223	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e3da20:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2224	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2225	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef8c80000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2226	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2227	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c80000 'C:\Windows\system32\wbem\wbemsvc.dll'
2228	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2229	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2230	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2231	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2232	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2233	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2234	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2235	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2236	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2237	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2238	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2239	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2240	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2241	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2242	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2243	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2244	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000934 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2245	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2246	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2247	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2248	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2249	cd8.c20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2250	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2251	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2252	cd8.c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2253	cd8.c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2254	cd8.c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2255	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2256	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2257	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2258	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2259	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2260	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2261	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2262	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2263	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2264	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2265	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2266	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2267	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2268	cd8.c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2269	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2270	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2271	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2272	cd8.c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2273	cd8.c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002e3da20:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2274	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2275	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fef9180000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2276	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2277	cd8.c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2278	cd8.c20: supR3HardenedDllNotificationCallback: load 000007fefa5a0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2279	cd8.c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2280	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9180000 'C:\Windows\system32\wbem\fastprox.dll'
2281	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'C:\Windows\system32\OLEAUT32.dll'
2282	cd8.11a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2283	cd8.11a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2284	cd8.11a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2285	cd8.11a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2286	cd8.11a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2287	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2288	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2289	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2290	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2291	cd8.11a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2292	cd8.11a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2293	cd8.11a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2294	cd8.11a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2295	cd8.11a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2296	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2297	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2298	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2299	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2300	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2301	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2302	cd8.11a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2303	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2304	cd8.11a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2305	cd8.11a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2306	cd8.11a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2307	cd8.11a8: supR3HardenedDllNotificationCallback: load 000007feec4f0000 LB 0x0029d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2308	cd8.11a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2309	cd8.11a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2310	cd8.11a8: supR3HardenedDllNotificationCallback: load 000000006d130000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2311	cd8.11a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2312	cd8.11a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec4f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2313	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a08 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2314	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2315	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2316	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
2317	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
2318	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2319	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2320	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2321	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2322	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2323	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2324	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2325	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2326	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2327	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
2328	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2329	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2330	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2331	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a24 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2332	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2333	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2334	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2335	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2336	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2337	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2338	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2339	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2340	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2341	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2342	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2343	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2344	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2345	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2346	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2347	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2348	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2349	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2350	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2351	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2352	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2353	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2354	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2355	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2356	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2357	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2358	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2359	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2360	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2361	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2362	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2363	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2364	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f4 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2365	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2366	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2367	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2368	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2369	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2370	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2371	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2372	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2373	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2374	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2375	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2376	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2377	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2378	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2379	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2380	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2381	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2382	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2383	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2384	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2385	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2386	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2387	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002c75010:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2388	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2389	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef0580000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2390	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2391	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2392	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefc520000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2393	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2394	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2395	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefcab0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2396	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2397	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0580000 'C:\Windows\system32\netcfgx.dll'
2398	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2399	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2400	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\SETUPAPI.dll'
2401	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2402	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077880000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
2403	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2404	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2405	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9a0000 'C:\Windows\system32\WINTRUST.dll'
2406	cd8.11bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2407	cd8.11bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2408	cd8.11bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2409	cd8.11bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2410	cd8.11bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2411	cd8.11bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2412	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2413	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2414	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2415	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2416	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2417	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2418	cd8.11bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2419	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2420	cd8.11bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2421	cd8.11bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2422	cd8.11bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2423	cd8.11bc: supR3HardenedDllNotificationCallback: load 000007fefbf00000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2424	cd8.11bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2425	cd8.11bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf00000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2426	cd8.11bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077780000 'C:\Windows\system32\User32.dll'
2427	cd8.11c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2428	cd8.11c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2429	cd8.11c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2430	cd8.11c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2431	cd8.11c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2432	cd8.11c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2433	cd8.11c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2434	cd8.11c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2435	cd8.11c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2436	cd8.11c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2437	cd8.11c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2438	cd8.11c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2439	cd8.11c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2440	cd8.11c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2441	cd8.11c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2442	cd8.11c8: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2443	cd8.11c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2444	cd8.11c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2445	cd8.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2446	cd8.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2447	cd8.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2448	cd8.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2449	cd8.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2450	cd8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2451	cd8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2452	cd8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2453	cd8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2454	cd8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2455	cd8.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2456	cd8.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2457	cd8.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2458	cd8.10cc: supR3HardenedDllNotificationCallback: load 000007fefa790000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2459	cd8.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2460	cd8.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa790000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2461	cd8.10d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2462	cd8.10d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2463	cd8.10d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2464	cd8.10d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2465	cd8.10d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2466	cd8.10d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2467	cd8.10d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2468	cd8.10d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2469	cd8.10d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2470	cd8.10d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2471	cd8.10d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2472	cd8.10d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2473	cd8.10d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2474	cd8.10d8: supR3HardenedDllNotificationCallback: load 000007fefa780000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2475	cd8.10d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2476	cd8.10d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa780000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2477	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2478	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2479	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\Shell32.dll'
2480	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2481	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2482	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2483	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2484	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec4f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2485	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2486	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2487	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2488	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2489	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2490	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2491	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2492	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2493	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2494	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2495	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2496	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2497	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2498	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2499	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2500	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2501	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2502	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2503	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2504	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2505	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef7470000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2506	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2507	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7470000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2508	cd8.11b4: supR3HardenedDllNotificationCallback: Unload 000007fef7470000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2509	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2510	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2511	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2512	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2513	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2514	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2515	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2516	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2517	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2518	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2519	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2520	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2521	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2522	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2523	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2524	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2525	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2526	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2527	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2528	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2529	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2530	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2531	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2532	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2533	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2534	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2535	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2536	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2537	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2538	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2539	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2540	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2541	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2542	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2543	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2544	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2545	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2546	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2547	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2548	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2549	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2550	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2551	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2552	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2553	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2554	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2555	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2556	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2557	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2558	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2559	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2560	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2561	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2562	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2563	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2564	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2565	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2566	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2567	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2568	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2569	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2570	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2571	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2572	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2573	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fee9d40000 LB 0x008c5000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2574	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2575	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2576	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007feef060000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2577	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2578	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2579	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef7440000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2580	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2581	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9d40000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2582	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2583	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2584	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2585	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef5ca0000 LB 0x0002d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2586	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2587	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5ca0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2588	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2589	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2590	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec900000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2591	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2592	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2593	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7440000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2594	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2595	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2596	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2597	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2598	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2599	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2600	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2601	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2602	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2603	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2604	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefa760000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2605	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2606	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa760000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2607	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2608	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2609	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2610	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2611	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2612	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2613	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2614	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2615	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2616	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2617	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef7420000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2618	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2619	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7420000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2620	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2621	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2622	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2623	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2624	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2625	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2626	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2627	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2628	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2629	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2630	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef5c50000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2631	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2632	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5c50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2633	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2634	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2635	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2636	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2637	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2638	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2639	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2640	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2641	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2642	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2643	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fef5c30000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2644	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2645	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5c30000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2646	cd8.1128: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2647	cd8.1128: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2648	cd8.1128: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2649	cd8.1128: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2650	cd8.1128: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2651	cd8.1128: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2652	cd8.1128: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2653	cd8.1128: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2654	cd8.1128: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2655	cd8.1128: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2656	cd8.1128: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2657	cd8.1128: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2658	cd8.1128: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2659	cd8.1128: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2660	cd8.1128: supR3HardenedDllNotificationCallback: load 000007fef7f50000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2661	cd8.1128: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2662	cd8.1128: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7f50000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2663	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2664	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2665	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2666	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2667	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
2668	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
2669	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2670	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2671	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2672	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2673	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2674	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2675	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2676	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2677	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2678	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2679	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2680	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2681	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2682	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2683	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007feec810000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
2684	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
2685	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec810000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
2686	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ca8 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2687	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2688	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2689	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2690	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2691	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2692	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2693	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2694	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2695	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2696	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2697	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2698	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2699	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2700	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2701	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2702	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cac pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2703	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2704	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2705	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2706	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2707	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2708	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2709	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2710	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2711	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
2712	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2713	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2714	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2715	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2716	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2717	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2718	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2719	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2720	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2721	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2722	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2723	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2724	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2725	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2726	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2727	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2728	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2729	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2730	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2731	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000092301a0:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2732	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2733	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007feeb510000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2734	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2735	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2736	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbc70000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2737	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2738	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2739	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2740	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb510000 'C:\Windows\System32\dsound.dll'
2741	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb510000 'C:\Windows\System32\dsound.dll'
2742	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2743	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2744	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb510000 'C:\Windows\system32\dsound.dll'
2745	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cb0 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2746	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2747	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2748	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2749	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2750	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2751	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2752	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2753	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2754	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2755	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2756	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2757	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2758	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2759	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd4 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2760	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2761	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2762	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2763	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2764	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2765	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2766	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2767	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2768	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2769	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2770	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2771	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2772	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2773	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2774	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2775	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2776	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2777	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2778	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2779	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2780	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2781	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2782	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2783	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2784	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2785	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2786	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2787	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2788	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000092301a0:C:\Windows\System32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2789	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2790	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbe80000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2791	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2792	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2793	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbd50000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
2794	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2795	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9d0000 'C:\Windows\system32\ADVAPI32.dll'
2796	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe80000 'C:\Windows\System32\MMDevApi.dll'
2797	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff680000 'C:\Windows\system32\ole32.dll'
2798	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcc0000 'C:\Windows\system32\SETUPAPI.dll'
2799	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2800	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2801	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'C:\Windows\system32\SHLWAPI.dll'
2802	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2803	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2804	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe80000 'C:\Windows\system32\MMDEVAPI.DLL'
2805	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff680000 'C:\Windows\system32\ole32.dll'
2806	cd8.115c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2807	cd8.115c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2808	cd8.115c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdbc0000 'C:\Windows\system32\CFGMGR32.dll'
2809	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2810	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2811	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\winmm.dll'
2812	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2813	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2814	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2815	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8a0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2816	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff000000 'C:\Windows\system32\RPCRT4.dll'
2817	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2818	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2819	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe80000 'C:\Windows\system32\MMDevAPI.DLL'
2820	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cfc pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2821	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2822	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2823	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2824	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2825	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2826	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2827	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2828	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2829	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2830	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2831	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2832	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2833	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2834	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2835	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2836	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2837	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2838	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d00 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2839	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2840	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2841	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2842	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2843	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2844	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2845	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2846	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2847	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2848	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2849	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2850	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2851	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d1c pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2852	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2853	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2854	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
2855	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2856	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2857	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2858	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2859	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2860	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2861	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2862	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2863	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2864	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2865	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2866	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2867	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2868	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2869	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2870	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2871	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2872	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2873	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2874	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbfd0000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
2875	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2876	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2877	cd8.11b4: supR3HardenedDllNotificationCallback: load 0000000075670000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
2878	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2879	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2880	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbc60000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
2881	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2882	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2883	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2884	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2885	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2886	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2887	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2888	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2889	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2890	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2891	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2892	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2893	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2894	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2895	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d34 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2896	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2897	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2898	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B5BCEE9F60F75E176D19C778D9B6CD5DBEB84BB
2899	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
2900	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2901	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2902	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2903	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2904	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2905	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2906	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2907	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2908	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
2909	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2910	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2911	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2912	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2913	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2914	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2915	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2916	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2917	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2918	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2919	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2920	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2921	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2922	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2923	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2924	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2925	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2926	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2927	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefb460000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
2928	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2929	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb460000 'C:\Windows\system32\AUDIOSES.DLL'
2930	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2931	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2932	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2933	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2934	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2935	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2936	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2937	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2938	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2939	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfd0000 'C:\Windows\system32\wdmaud.drv'
2940	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d24 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
2941	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2942	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2943	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
2944	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
2945	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2946	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2947	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2948	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2949	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
2950	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
2951	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
2952	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2953	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2954	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2955	cd8.11b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2956	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
2957	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
2958	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d40 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
2959	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
2960	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
2961	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
2962	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
2963	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2964	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2965	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2966	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2967	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2968	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2969	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
2970	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2971	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2972	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2973	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2974	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2975	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2976	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2977	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2978	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2979	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2980	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2981	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2982	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2983	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2984	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2985	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2986	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2987	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2988	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2989	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbfc0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
2990	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2991	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2992	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbfa0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
2993	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2994	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
2995	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2996	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
2997	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
2998	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2999	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3000	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3001	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3002	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3003	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3004	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3005	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3006	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3007	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3008	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3009	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3010	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3011	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3012	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3013	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3014	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3015	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbfc0000 'C:\Windows\system32\msacm32.drv'
3016	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf4 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3017	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000825280
3018	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000825280
3019	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3020	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3021	cd8.11b4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3022	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3023	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3024	cd8.11b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3025	cd8.11b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3026	cd8.11b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3027	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3028	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3029	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3030	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3031	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3032	cd8.11b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3033	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3034	cd8.11b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3035	cd8.11b4: supR3HardenedDllNotificationCallback: load 000007fefbf90000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3036	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3037	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\Windows\system32\midimap.dll'
3038	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3039	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3040	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\Windows\system32\midimap.dll'
3041	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3042	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3043	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\Windows\system32\midimap.dll'
3044	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3045	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3046	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\Windows\system32\midimap.dll'
3047	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\winmm.dll'
3048	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3049	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3050	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb510000 'C:\Windows\system32\dsound.dll'
3051	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\winmm.dll'
3052	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3053	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3054	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb510000 'C:\Windows\system32\dsound.dll'
3055	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb580000 'C:\Windows\system32\winmm.dll'
3056	cd8.11b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
3057	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007e3f70:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\PuTTY\ [calling]
3058	cd8.11b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec4f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
3059	cd8.11a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8c0000 'C:\Windows\system32\OLEAUT32.dll'
3060	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
3061	cd8.c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\shell32.dll'
3062	cd8.1214: supR3HardenedDllNotificationCallback: Unload 000007fef0580000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]

Download in other formats:

Original Format