984.1214: Log file opened: 5.1.6r110634 g_hStartupLog=000000fc g_uNtVerCombined=0x611db110 984.1214: \SystemRoot\System32\ntdll.dll: 984.1214: CreationTime: 2016-09-04T06:14:46.672774900Z 984.1214: LastWriteTime: 2016-09-04T06:14:46.677775100Z 984.1214: ChangeTime: 2016-09-04T11:18:16.453577700Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0x13ab88 984.1214: NT Headers: 0xd0 984.1214: Timestamp: 0x521ea91c 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x521ea91c 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0x13c000 (1294336) 984.1214: Resource Dir: 0xe0000 LB 0x560d8 984.1214: ProductName: Microsoft® Windows® Operating System 984.1214: ProductVersion: 6.1.7601.18247 984.1214: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 984.1214: FileDescription: NT Layer DLL 984.1214: \SystemRoot\System32\kernel32.dll: 984.1214: CreationTime: 2016-09-04T06:12:47.120793300Z 984.1214: LastWriteTime: 2016-09-04T06:12:47.120793300Z 984.1214: ChangeTime: 2016-09-04T11:18:14.581574500Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0xd4000 984.1214: NT Headers: 0xf0 984.1214: Timestamp: 0x503275b9 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x503275b9 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0xd4000 (868352) 984.1214: Resource Dir: 0xc7000 LB 0x528 984.1214: ProductName: Microsoft® Windows® Operating System 984.1214: ProductVersion: 6.1.7601.17932 984.1214: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419) 984.1214: FileDescription: Windows NT BASE API Client DLL 984.1214: \SystemRoot\System32\KernelBase.dll: 984.1214: CreationTime: 2016-09-04T06:12:47.120793300Z 984.1214: LastWriteTime: 2016-09-04T06:12:47.120793300Z 984.1214: ChangeTime: 2016-09-04T11:18:14.643974600Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0x47a00 984.1214: NT Headers: 0xe0 984.1214: Timestamp: 0x503275ba 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x503275ba 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0x4b000 (307200) 984.1214: Resource Dir: 
0x47000 LB 0x530 984.1214: ProductName: Microsoft® Windows® Operating System 984.1214: ProductVersion: 6.1.7601.17932 984.1214: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419) 984.1214: FileDescription: Windows NT BASE API Client DLL 984.1214: \SystemRoot\System32\apisetschema.dll: 984.1214: CreationTime: 2009-07-13T23:10:57.463372600Z 984.1214: LastWriteTime: 2009-07-14T01:03:49.551000000Z 984.1214: ChangeTime: 2016-09-03T11:31:35.226366800Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0x1a00 984.1214: NT Headers: 0xc0 984.1214: Timestamp: 0x4a5bd9b5 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x4a5bd9b5 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0x50000 (327680) 984.1214: Resource Dir: 0x30000 LB 0x3f0 984.1214: ProductName: Microsoft® Windows® Operating System 984.1214: ProductVersion: 6.1.7600.16385 984.1214: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) 984.1214: FileDescription: ApiSet Schema DLL 984.1214: supR3HardenedWinFindAdversaries: 0x80 984.1214: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 984.1214: CreationTime: 2016-08-29T10:06:47.906149200Z 984.1214: LastWriteTime: 2016-10-12T11:35:25.774634500Z 984.1214: ChangeTime: 2016-10-12T11:35:25.774634500Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0x298d8 984.1214: NT Headers: 0xd0 984.1214: Timestamp: 0x55b855c7 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x55b855c7 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0x2d000 (184320) 984.1214: Resource Dir: 0x2a000 LB 0x3b8 984.1214: ProductName: Malwarebytes Anti-Malware 984.1214: ProductVersion: 0.3.0.0 984.1214: FileVersion: 0.3.0.0 984.1214: FileDescription: Malwarebytes Anti-Malware 984.1214: \SystemRoot\System32\drivers\mwac.sys: 984.1214: CreationTime: 2016-08-29T10:06:09.598866400Z 984.1214: LastWriteTime: 2016-03-10T07:09:04.000000000Z 984.1214: ChangeTime: 2016-08-29T10:06:09.614466400Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0xcf80 984.1214: NT Headers: 0xe0 984.1214: Timestamp: 0x53a0f41c 
984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x53a0f41c 984.1214: Image Version: 6.2 984.1214: SizeOfImage: 0xf000 (61440) 984.1214: Resource Dir: 0xd000 LB 0x3e0 984.1214: ProductName: Malwarebytes Web Access Control 984.1214: ProductVersion: 1.0.6.0 984.1214: FileVersion: 1.0.6.0 984.1214: FileDescription: Malwarebytes Web Access Control 984.1214: \SystemRoot\System32\drivers\mbamchameleon.sys: 984.1214: CreationTime: 2016-08-29T10:06:09.614466400Z 984.1214: LastWriteTime: 2016-03-10T07:08:56.000000000Z 984.1214: ChangeTime: 2016-08-29T10:06:09.645666400Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0x1ed80 984.1214: NT Headers: 0xd0 984.1214: Timestamp: 0x56a9574c 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x56a9574c 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0x22000 (139264) 984.1214: Resource Dir: 0x1f000 LB 0xba8 984.1214: ProductName: Malwarebytes Chameleon 984.1214: ProductVersion: 1.1.22.0 984.1214: FileVersion: 1.1.22.0 984.1214: FileDescription: Malwarebytes Chameleon Protection Driver 984.1214: \SystemRoot\System32\drivers\mbam.sys: 984.1214: CreationTime: 2016-08-29T10:06:09.583266300Z 984.1214: LastWriteTime: 2016-03-10T07:08:52.000000000Z 984.1214: ChangeTime: 2016-08-29T10:06:09.583266300Z 984.1214: FileAttributes: 0x20 984.1214: Size: 0x5f80 984.1214: NT Headers: 0xd8 984.1214: Timestamp: 0x55ca3252 984.1214: Machine: 0x14c - i386 984.1214: Timestamp: 0x55ca3252 984.1214: Image Version: 6.1 984.1214: SizeOfImage: 0x9000 (36864) 984.1214: Resource Dir: 0x7000 LB 0x3a0 984.1214: ProductName: Malwarebytes Anti-Malware 984.1214: ProductVersion: 0.1.16.0 984.1214: FileVersion: 0.1.16.0 984.1214: FileDescription: Malwarebytes Anti-Malware 984.1214: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 984.1214: Calling main() 984.1214: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 984.1214: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 
984.1214: SUPR3HardenedMain: Respawn #1 984.1214: System32: \Device\HarddiskVolume2\Windows\System32 984.1214: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 984.1214: KnownDllPath: C:\Windows\system32 984.1214: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 984.1214: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 984.1214: supR3HardNtEnableThreadCreation: 984.1214: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918 984.1214: supR3HardenedWinDoReSpawn(1): New child 1584.11ac [kernel32]. 984.1214: supR3HardNtChildGatherData: PebBaseAddress=7ffd7000 cbPeb=0x248 984.1214: supR3HardNtPuChFindNtdll: uNtDllParentAddr=76ed0000 uNtDllChildAddr=76ed0000 984.1214: supR3HardenedWinSetupChildInit: uLdrInitThunk=76f33649 984.1214: supR3HardenedWinSetupChildInit: Start child. 984.1214: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 262 ms. 
984.1214: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 0 sleeps 984.1214: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
984.1214: apisetschema.dll: timestamp 0x4a5bd9b5 (rc=VINF_SUCCESS) 984.1214: VirtualBox.exe: timestamp 0x57d6d9bf (rc=VINF_SUCCESS) 984.1214: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 984.1214: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 984.1214: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 984.1214: supR3HardNtChildPurify: Done after 595 ms and 0 fixes (loop #0).
1584.11ac: Log file opened: 5.1.6r110634 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100 1584.11ac: supR3HardenedVmProcessInit: uNtDllAddr=76ed0000 g_uNtVerCombined=0x611db100 984.1214: supR3HardNtEnableThreadCreation: 1584.11ac: ntdll.dll: timestamp 0x521ea91c (rc=VINF_SUCCESS) 1584.11ac: New simple heap: #1 002e0000 LB 0x400000 (for 1294336 allocation) 1584.11ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1584.11ac: System32: \Device\HarddiskVolume2\Windows\System32 1584.11ac: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 1584.11ac: KnownDllPath: C:\Windows\system32 1584.11ac: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1584.11ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1584.11ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1584.11ac: Registered Dll notification callback with NTDLL. 1584.11ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1584.11ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1584.11ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1584.11ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1584.11ac: supR3HardenedDllNotificationCallback: load 76b00000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1584.11ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1584.11ac: supR3HardenedDllNotificationCallback: load 75180000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1584.11ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 
1584.11ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1584.11ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll' 984.1214: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 95 ms. 1584.11ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918 1584.11ac: \SystemRoot\System32\ntdll.dll: 1584.11ac: CreationTime: 2016-09-04T06:14:46.672774900Z 1584.11ac: LastWriteTime: 2016-09-04T06:14:46.677775100Z 1584.11ac: ChangeTime: 2016-09-04T11:18:16.453577700Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0x13ab88 1584.11ac: NT Headers: 0xd0 1584.11ac: Timestamp: 0x521ea91c 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x521ea91c 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0x13c000 (1294336) 1584.11ac: Resource Dir: 0xe0000 LB 0x560d8 1584.11ac: ProductName: Microsoft® Windows® Operating System 1584.11ac: ProductVersion: 6.1.7601.18247 1584.11ac: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 1584.11ac: FileDescription: NT Layer DLL 1584.11ac: \SystemRoot\System32\kernel32.dll: 1584.11ac: CreationTime: 2016-09-04T06:12:47.120793300Z 1584.11ac: LastWriteTime: 2016-09-04T06:12:47.120793300Z 1584.11ac: ChangeTime: 2016-09-04T11:18:14.581574500Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0xd4000 1584.11ac: NT Headers: 0xf0 1584.11ac: Timestamp: 0x503275b9 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x503275b9 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0xd4000 (868352) 1584.11ac: Resource Dir: 0xc7000 LB 0x528 1584.11ac: ProductName: Microsoft® Windows® Operating System 1584.11ac: ProductVersion: 6.1.7601.17932 1584.11ac: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419) 1584.11ac: FileDescription: Windows NT BASE API Client DLL 1584.11ac: \SystemRoot\System32\KernelBase.dll: 1584.11ac: CreationTime: 2016-09-04T06:12:47.120793300Z 1584.11ac: LastWriteTime: 
2016-09-04T06:12:47.120793300Z 1584.11ac: ChangeTime: 2016-09-04T11:18:14.643974600Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0x47a00 1584.11ac: NT Headers: 0xe0 1584.11ac: Timestamp: 0x503275ba 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x503275ba 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0x4b000 (307200) 1584.11ac: Resource Dir: 0x47000 LB 0x530 1584.11ac: ProductName: Microsoft® Windows® Operating System 1584.11ac: ProductVersion: 6.1.7601.17932 1584.11ac: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419) 1584.11ac: FileDescription: Windows NT BASE API Client DLL 1584.11ac: \SystemRoot\System32\apisetschema.dll: 1584.11ac: CreationTime: 2009-07-13T23:10:57.463372600Z 1584.11ac: LastWriteTime: 2009-07-14T01:03:49.551000000Z 1584.11ac: ChangeTime: 2016-09-03T11:31:35.226366800Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0x1a00 1584.11ac: NT Headers: 0xc0 1584.11ac: Timestamp: 0x4a5bd9b5 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x4a5bd9b5 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0x50000 (327680) 1584.11ac: Resource Dir: 0x30000 LB 0x3f0 1584.11ac: ProductName: Microsoft® Windows® Operating System 1584.11ac: ProductVersion: 6.1.7600.16385 1584.11ac: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) 1584.11ac: FileDescription: ApiSet Schema DLL 1584.11ac: supR3HardenedWinFindAdversaries: 0x80 1584.11ac: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 1584.11ac: CreationTime: 2016-08-29T10:06:47.906149200Z 1584.11ac: LastWriteTime: 2016-10-12T11:35:25.774634500Z 1584.11ac: ChangeTime: 2016-10-12T11:35:25.774634500Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0x298d8 1584.11ac: NT Headers: 0xd0 1584.11ac: Timestamp: 0x55b855c7 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x55b855c7 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0x2d000 (184320) 1584.11ac: Resource Dir: 0x2a000 LB 0x3b8 1584.11ac: ProductName: Malwarebytes Anti-Malware 1584.11ac: ProductVersion: 0.3.0.0 
1584.11ac: FileVersion: 0.3.0.0 1584.11ac: FileDescription: Malwarebytes Anti-Malware 1584.11ac: \SystemRoot\System32\drivers\mwac.sys: 1584.11ac: CreationTime: 2016-08-29T10:06:09.598866400Z 1584.11ac: LastWriteTime: 2016-03-10T07:09:04.000000000Z 1584.11ac: ChangeTime: 2016-08-29T10:06:09.614466400Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0xcf80 1584.11ac: NT Headers: 0xe0 1584.11ac: Timestamp: 0x53a0f41c 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x53a0f41c 1584.11ac: Image Version: 6.2 1584.11ac: SizeOfImage: 0xf000 (61440) 1584.11ac: Resource Dir: 0xd000 LB 0x3e0 1584.11ac: ProductName: Malwarebytes Web Access Control 1584.11ac: ProductVersion: 1.0.6.0 1584.11ac: FileVersion: 1.0.6.0 1584.11ac: FileDescription: Malwarebytes Web Access Control 1584.11ac: \SystemRoot\System32\drivers\mbamchameleon.sys: 1584.11ac: CreationTime: 2016-08-29T10:06:09.614466400Z 1584.11ac: LastWriteTime: 2016-03-10T07:08:56.000000000Z 1584.11ac: ChangeTime: 2016-08-29T10:06:09.645666400Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0x1ed80 1584.11ac: NT Headers: 0xd0 1584.11ac: Timestamp: 0x56a9574c 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x56a9574c 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0x22000 (139264) 1584.11ac: Resource Dir: 0x1f000 LB 0xba8 1584.11ac: ProductName: Malwarebytes Chameleon 1584.11ac: ProductVersion: 1.1.22.0 1584.11ac: FileVersion: 1.1.22.0 1584.11ac: FileDescription: Malwarebytes Chameleon Protection Driver 1584.11ac: \SystemRoot\System32\drivers\mbam.sys: 1584.11ac: CreationTime: 2016-08-29T10:06:09.583266300Z 1584.11ac: LastWriteTime: 2016-03-10T07:08:52.000000000Z 1584.11ac: ChangeTime: 2016-08-29T10:06:09.583266300Z 1584.11ac: FileAttributes: 0x20 1584.11ac: Size: 0x5f80 1584.11ac: NT Headers: 0xd8 1584.11ac: Timestamp: 0x55ca3252 1584.11ac: Machine: 0x14c - i386 1584.11ac: Timestamp: 0x55ca3252 1584.11ac: Image Version: 6.1 1584.11ac: SizeOfImage: 0x9000 (36864) 1584.11ac: Resource Dir: 0x7000 LB 0x3a0 
1584.11ac: ProductName: Malwarebytes Anti-Malware 1584.11ac: ProductVersion: 0.1.16.0 1584.11ac: FileVersion: 0.1.16.0 1584.11ac: FileDescription: Malwarebytes Anti-Malware 1584.11ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1584.11ac: Calling main() 1584.11ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1584.11ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1584.11ac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1584.11ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1584.11ac: SUPR3HardenedMain: Respawn #2 1584.11ac: supR3HardNtEnableThreadCreation: 1584.11ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 1584.11ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 1584.11ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1584.11ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1584.11ac: supR3HardenedDllNotificationCallback: load 74d60000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 1584.11ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1584.11ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74d60000 'C:\Windows\system32\apphelp.dll' 1584.11ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918 1584.11ac: supR3HardenedWinDoReSpawn(2): New child 1370.e60 [kernel32]. 
1584.11ac: supR3HardNtChildGatherData: PebBaseAddress=7ffd4000 cbPeb=0x248 1584.11ac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=76ed0000 uNtDllChildAddr=76ed0000 1584.11ac: supR3HardenedWinSetupChildInit: uLdrInitThunk=76f33649 1584.11ac: supR3HardenedWinSetupChildInit: Start child. 1584.11ac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 315 ms. 1584.11ac: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 0 sleeps 1584.11ac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1584.11ac: apisetschema.dll: timestamp 0x4a5bd9b5 (rc=VINF_SUCCESS) 1584.11ac: VirtualBox.exe: timestamp 0x57d6d9bf (rc=VINF_SUCCESS) 1584.11ac: 
'\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1584.11ac: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 1584.11ac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1584.11ac: supR3HardNtChildPurify: Done after 595 ms and 0 fixes (loop #0). 1370.e60: Log file opened: 5.1.6r110634 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100 1370.e60: supR3HardenedVmProcessInit: uNtDllAddr=76ed0000 g_uNtVerCombined=0x611db100 1370.e60: ntdll.dll: timestamp 0x521ea91c (rc=VINF_SUCCESS) 1370.e60: New simple heap: #1 00340000 LB 0x400000 (for 1294336 allocation) 1584.11ac: supR3HardenedEarlyCompact: Removed heap 1 (0x2e0000 LB 0x400000) 1584.11ac: supR3HardNtEnableThreadCreation: 1370.e60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1370.e60: System32: \Device\HarddiskVolume2\Windows\System32 1370.e60: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 1370.e60: KnownDllPath: C:\Windows\system32 1370.e60: supR3HardenedVmProcessInit: Opening vboxdrv... 1370.e60: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1370.e60: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1370.e60: Registered Dll notification callback with NTDLL. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 76b00000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75180000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll' 1370.e60: supR3HardNtDisableThreadCreation: pvLdrInitThunk=76f33649 pvNtTerminateThread=76f16918 1370.e60: \SystemRoot\System32\ntdll.dll: 1370.e60: CreationTime: 2016-09-04T06:14:46.672774900Z 1370.e60: LastWriteTime: 2016-09-04T06:14:46.677775100Z 1370.e60: ChangeTime: 2016-09-04T11:18:16.453577700Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0x13ab88 1370.e60: NT Headers: 0xd0 1370.e60: Timestamp: 0x521ea91c 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x521ea91c 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0x13c000 (1294336) 1370.e60: Resource Dir: 0xe0000 LB 0x560d8 1370.e60: ProductName: Microsoft® Windows® Operating System 1370.e60: ProductVersion: 6.1.7601.18247 
1370.e60: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 1370.e60: FileDescription: NT Layer DLL 1370.e60: \SystemRoot\System32\kernel32.dll: 1370.e60: CreationTime: 2016-09-04T06:12:47.120793300Z 1370.e60: LastWriteTime: 2016-09-04T06:12:47.120793300Z 1370.e60: ChangeTime: 2016-09-04T11:18:14.581574500Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0xd4000 1370.e60: NT Headers: 0xf0 1370.e60: Timestamp: 0x503275b9 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x503275b9 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0xd4000 (868352) 1370.e60: Resource Dir: 0xc7000 LB 0x528 1370.e60: ProductName: Microsoft® Windows® Operating System 1370.e60: ProductVersion: 6.1.7601.17932 1370.e60: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419) 1584.11ac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 100 ms. 1370.e60: FileDescription: Windows NT BASE API Client DLL 1370.e60: \SystemRoot\System32\KernelBase.dll: 1370.e60: CreationTime: 2016-09-04T06:12:47.120793300Z 1370.e60: LastWriteTime: 2016-09-04T06:12:47.120793300Z 1370.e60: ChangeTime: 2016-09-04T11:18:14.643974600Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0x47a00 1370.e60: NT Headers: 0xe0 1370.e60: Timestamp: 0x503275ba 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x503275ba 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0x4b000 (307200) 1370.e60: Resource Dir: 0x47000 LB 0x530 1370.e60: ProductName: Microsoft® Windows® Operating System 1370.e60: ProductVersion: 6.1.7601.17932 1370.e60: FileVersion: 6.1.7601.17932 (win7sp1_gdr.120820-0419) 1370.e60: FileDescription: Windows NT BASE API Client DLL 1370.e60: \SystemRoot\System32\apisetschema.dll: 1370.e60: CreationTime: 2009-07-13T23:10:57.463372600Z 1370.e60: LastWriteTime: 2009-07-14T01:03:49.551000000Z 1370.e60: ChangeTime: 2016-09-03T11:31:35.226366800Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0x1a00 1370.e60: NT Headers: 0xc0 1370.e60: Timestamp: 0x4a5bd9b5 1370.e60: Machine: 0x14c - i386 
1370.e60: Timestamp: 0x4a5bd9b5 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0x50000 (327680) 1370.e60: Resource Dir: 0x30000 LB 0x3f0 1370.e60: ProductName: Microsoft® Windows® Operating System 1370.e60: ProductVersion: 6.1.7600.16385 1370.e60: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) 1370.e60: FileDescription: ApiSet Schema DLL 1370.e60: supR3HardenedWinFindAdversaries: 0x80 1370.e60: \SystemRoot\System32\drivers\MBAMSwissArmy.sys: 1370.e60: CreationTime: 2016-08-29T10:06:47.906149200Z 1370.e60: LastWriteTime: 2016-10-12T11:35:25.774634500Z 1370.e60: ChangeTime: 2016-10-12T11:35:25.774634500Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0x298d8 1370.e60: NT Headers: 0xd0 1370.e60: Timestamp: 0x55b855c7 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x55b855c7 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0x2d000 (184320) 1370.e60: Resource Dir: 0x2a000 LB 0x3b8 1370.e60: ProductName: Malwarebytes Anti-Malware 1370.e60: ProductVersion: 0.3.0.0 1370.e60: FileVersion: 0.3.0.0 1370.e60: FileDescription: Malwarebytes Anti-Malware 1370.e60: \SystemRoot\System32\drivers\mwac.sys: 1370.e60: CreationTime: 2016-08-29T10:06:09.598866400Z 1370.e60: LastWriteTime: 2016-03-10T07:09:04.000000000Z 1370.e60: ChangeTime: 2016-08-29T10:06:09.614466400Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0xcf80 1370.e60: NT Headers: 0xe0 1370.e60: Timestamp: 0x53a0f41c 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x53a0f41c 1370.e60: Image Version: 6.2 1370.e60: SizeOfImage: 0xf000 (61440) 1370.e60: Resource Dir: 0xd000 LB 0x3e0 1370.e60: ProductName: Malwarebytes Web Access Control 1370.e60: ProductVersion: 1.0.6.0 1370.e60: FileVersion: 1.0.6.0 1370.e60: FileDescription: Malwarebytes Web Access Control 1370.e60: \SystemRoot\System32\drivers\mbamchameleon.sys: 1370.e60: CreationTime: 2016-08-29T10:06:09.614466400Z 1370.e60: LastWriteTime: 2016-03-10T07:08:56.000000000Z 1370.e60: ChangeTime: 2016-08-29T10:06:09.645666400Z 1370.e60: FileAttributes: 
0x20 1370.e60: Size: 0x1ed80 1370.e60: NT Headers: 0xd0 1370.e60: Timestamp: 0x56a9574c 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x56a9574c 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0x22000 (139264) 1370.e60: Resource Dir: 0x1f000 LB 0xba8 1370.e60: ProductName: Malwarebytes Chameleon 1370.e60: ProductVersion: 1.1.22.0 1370.e60: FileVersion: 1.1.22.0 1370.e60: FileDescription: Malwarebytes Chameleon Protection Driver 1370.e60: \SystemRoot\System32\drivers\mbam.sys: 1370.e60: CreationTime: 2016-08-29T10:06:09.583266300Z 1370.e60: LastWriteTime: 2016-03-10T07:08:52.000000000Z 1370.e60: ChangeTime: 2016-08-29T10:06:09.583266300Z 1370.e60: FileAttributes: 0x20 1370.e60: Size: 0x5f80 1370.e60: NT Headers: 0xd8 1370.e60: Timestamp: 0x55ca3252 1370.e60: Machine: 0x14c - i386 1370.e60: Timestamp: 0x55ca3252 1370.e60: Image Version: 6.1 1370.e60: SizeOfImage: 0x9000 (36864) 1370.e60: Resource Dir: 0x7000 LB 0x3a0 1370.e60: ProductName: Malwarebytes Anti-Malware 1370.e60: ProductVersion: 0.1.16.0 1370.e60: FileVersion: 0.1.16.0 1370.e60: FileDescription: Malwarebytes Anti-Malware 1370.e60: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1370.e60: Calling main() 1370.e60: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1370.e60: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 1370.e60: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1370.e60: SUPR3HardenedMain: Final process, opening VBoxDrv... 
1370.e60: supR3HardenedEarlyCompact: Removed heap 1 (0x340000 LB 0x400000) 1370.e60: supR3HardNtEnableThreadCreation: 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2a4c:C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 69320000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69320000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks 
WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69320000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=69320000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2a4c:C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75000000 LB 0x0002d000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75a00000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75060000 LB 0x0011d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74ed0000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 76860000 LB 0x000a1000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\Wintrust.dll' 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2a4c:C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 749f0000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=749f0000 'C:\Windows\system32\bcrypt.dll' 1370.e60: bcrypt.dll loaded at 749f0000, BCryptOpenAlgorithmProvider at 749f2cda, preloading providers: 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74610000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 751e0000 LB 0x000a0000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 1370.e60: supR3HardenedDllNotificationCallback: load 75280000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74610000 'C:\Windows\system32\bcryptprimitives.dll' 1370.e60: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=008c0678) 1370.e60: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=008c0bc8) 1370.e60: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=008c0c68) 1370.e60: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=008c05d0) 1370.e60: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=008c1b80) 1370.e60: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=008c1c20) 1370.e60: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=008c1cc0) 1370.e60: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=008c1d60) 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 748e0000 LB 0x00016000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748e0000 'C:\Windows\system32\CRYPTSP.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74650000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74650000 'C:\Windows\system32\rsaenh.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program 
Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll' 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74db0000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74db0000 'C:\Windows\system32\CRYPTBASE.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\WINTRUST.DLL' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 
'C:\Windows\system32\CRYPT32.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 76760000 LB 0x0002a000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76760000 'C:\Windows\system32\imagehlp.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1370.e60: 
supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748e0000 'C:\Windows\system32\CRYPTSP.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 76790000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 77020000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 755f0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75550000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0] 1370.e60: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77020000 'C:\Windows\system32\gdi32.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75af0000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 753c0000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=75af0000 'C:\Windows\system32\IMM32.DLL' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76790000 'C:\Windows\system32\USER32.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74a10000 LB 0x00038000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a10000 'C:\Windows\system32\ncrypt.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=749f0000 'C:\Windows\system32\bcrypt.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74fd0000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74ec0000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1370.e60: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74fd0000 'C:\Windows\system32\USERENV.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 744b0000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=744b0000 'C:\Windows\system32\GPAPI.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76860000 'C:\Windows\system32\rpcrt4.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-Management-L2-1-0.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wldap32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 718e0000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75770000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 1370.e60: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on 
\Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75490000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75490000 'C:\Windows\system32\SHLWAPI.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ec0000 'C:\Windows\system32\profapi.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 76d30000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 74ee0000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75330000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75600000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0] 
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 75040000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76d30000 'C:\Windows\system32\setupapi.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 718c0000 LB 0x00015000 C:\Windows\system32\Cabinet.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718c0000 'C:\Windows\system32\Cabinet.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedDllNotificationCallback: load 746a0000 LB 0x0000e000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=746a0000 'C:\Windows\system32\DEVRTL.dll' 1370.e60: supR3HardenedDllNotificationCallback: Unload 76d30000 LB 0x0019d000 C:\Windows\system32\setupapi.dll [flags=0x0] 1370.e60: supR3HardenedDllNotificationCallback: Unload 75040000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] 1370.e60: supR3HardenedDllNotificationCallback: Unload 75330000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] 1370.e60: supR3HardenedDllNotificationCallback: Unload 75600000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0] 1370.e60: supR3HardenedDllNotificationCallback: Unload 74ee0000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] 
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=718e0000 'C:\Windows\system32\cryptnet.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: New context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50929F41C33F16E8BA869CF91E6D0F8A98EBFD16 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 
pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2882822~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll' 1370.e60: g_pfnWinVerifyTrust=75002674 1370.e60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A7A2A8BA225636E41D4A990A4D527D2BC1993AB7 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 1370.e60: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 1370.e60: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAFC6FF018C72268F70F327089713FA62B6A6CAC 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003dc pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d0 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: 
hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86A3214FF22CE214819131AA9D9FD5145ACECD0C 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000398 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07C15DE99041924EC7DED2E27632443249973ECA 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000390 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=670D97F5DC29234BF188E6E1EBC8A3A9D4EDA114 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000038c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll' 1370.e60: 
supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000388 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000037c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 1370.e60: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000370 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000036c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C52865414241F58CAC9EEBC4EC3F3B16CC08EAEE 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000258 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: 
cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9A4C90615FC5B5674208A5401C018FEA2A04A4B 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; 
file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CE0ECE66FA0266873DB2E9FEEF903A73BDC5376 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64F08BBBD276BF0D30DC1EB035E557AB0D981A25 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 
pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2FDEE6777EE1392CEB3E98C6B38CE7EA30C9F31 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: 
cbHash=20 wszDigest=3AB0DC60D51A0053E75090F639D8517BE8BC74AD 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41DED5EF02BD22C4EC0CA99DF7F18E78EE9F1CB1 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46D722AD9F66278A8EBC0D192855961CE6A21050 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E987531CA5DDB46DA0288B32D60D692350E2A63 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0CBD7D0C7F18B4CDC624EAFFFE29E8644EB2D5 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: 
supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCDD93573F63B6F37F01E3BC42D7CB8A7C6AD119 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78E9ABD813B4175EBA8EBD16ACB465E0E2FBF7F8 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 
pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0126923AE273E77D7677F69E1B331A63871D998A 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2882822~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: 
hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F316018CBA12E77998A5FA21A14EB469FA6A1904 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D25D5DCD0ECE76AD56254FBC21654977069634D 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8A16C6D142809F326F4D54E56BF3C184D273000 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB2731771~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3FC7F66FFD5575D4BA6A43EF031388F26ADAD23 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB2731771~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008eaebc:C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\crypt32.dll' 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 
1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. 
- For authorized use only, CN=thawte Primary Root CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 1370.e60: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 1370.e60: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=31 1370.e60: SUPR3HardenedMain: Load Runtime... 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003f0 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cd014:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedDllNotificationCallback: load 614c0000 LB 0x0042b000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedDllNotificationCallback: load 67760000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.e60: supR3HardenedDllNotificationCallback: load 68450000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.e60: supR3HardenedDllNotificationCallback: load 75ab0000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 752a0000 LB 0x00006000 
C:\Windows\system32\NSI.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program 
Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 
'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008a2dcc:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Python27\Scripts;C:\Python27;C:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\RogueKiller; [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=614c0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008eaebc:C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75000000 'C:\Windows\system32\Wintrust.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 1370.e60: 
supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008eaebc:C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\crypt32.dll' 1370.e60: SUPR3HardenedMain: Load TrustedMain... 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5printsupportvbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5openglvbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'shell32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ole32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000430 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000410 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BEFE2D8EC7EF34FCC6A62BE11D1AAE6597F4884 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 
1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000043c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000454 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000450 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000470 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59D688F30A17609F526F66E4182B6C29A30402D4 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000440 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000474 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000046c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E96A920E91CC2AD46A67747FA2057790B4771F6B 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2DD0519DFAD1ED741C9324879C92EC15A9FFB8D0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000434 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1CABD2640C1BC20B2A2C36EAF39DEED33F0F7235 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 60ca0000 LB 0x00811000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 6dfe0000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 6dfb0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 1370.e60: supR3HardenedDllNotificationCallback: load 6dec0000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 6deb0000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 76d30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1370.e60: supR3HardenedDllNotificationCallback: load 74ee0000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 75330000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 75600000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 75040000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: 
cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 1370.e60: supR3HardenedDllNotificationCallback: load 73920000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1370.e60: supR3HardenedDllNotificationCallback: load 66260000 LB 0x00243000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 1370.e60: supR3HardenedDllNotificationCallback: load 69310000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 603a0000 LB 0x00475000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 75b10000 LB 0x00c4a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll 
1370.e60: supR3HardenedDllNotificationCallback: load 6fdf0000 LB 0x00012000 C:\Windows\system32\MPR.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 5fa40000 LB 0x004ae000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 5ff50000 LB 0x0044d000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 686c0000 LB 0x00044000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv 1370.e60: supR3HardenedDllNotificationCallback: load 73340000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv 1370.e60: 
supR3HardenedDllNotificationCallback: load 752b0000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll) 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll 1370.e60: supR3HardenedDllNotificationCallback: load 6eb00000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll [avoiding WinVerifyTrust] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 1370.e60: supR3HardenedDllNotificationCallback: load 683a0000 LB 0x00046000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: supR3HardenedDllNotificationCallback: load 73100000 
LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll'. 1370.e60: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll' [rescheduled] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cd1ac:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75af0000 'C:\Windows\system32\imm32.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.DLL' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74db0000 'C:\Windows\system32\cryptbase.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=60ca0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 1370.e60: SUPR3HardenedMain: Calling TrustedMain (60ca1560)... 
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75600000 'C:\Windows\system32\ole32.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll' 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 
1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccf8c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 1370.e60: supR3HardenedDllNotificationCallback: load 671f0000 LB 0x000ee000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=671f0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 
1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedDllNotificationCallback: load 73d60000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74db0000 'C:\Windows\system32\CRYPTBASE.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76790000 'C:\Windows\system32\user32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73920000 'C:\Windows\system32\dwmapi.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\winmm.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=73100000 'C:\Windows\system32\winmm.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d60000 'C:\Windows\system32\uxtheme.dll' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\advapi32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74fd0000 'C:\Windows\system32\userenv.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76b00000 'C:\Windows\system32\kernel32.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: 
hFile=00000540 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cc81c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1370.e60: supR3HardenedDllNotificationCallback: load 77070000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77070000 'C:\Windows\system32\CLBCatQ.DLL' 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cd124:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=748e0000 'C:\Windows\system32\CRYPTSP.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000055c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll' 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1370.e60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 1370.e60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust 1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1370.e60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008cce7c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.e60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1370.e60: supR3HardenedDllNotificationCallback: load 74e50000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0] 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74e50000 'C:\Windows\system32\RpcRtRemote.dll' 1370.e60: \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll: Owner is administrators group. 
1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000590 pwszName=\Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5CDF4FDAA815EDACE2632509BAD2A4F705CCFB9 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0) 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: New context 008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008bc1f0 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5CDF4FDAA815EDACE2632509BAD2A4F705CCFB9 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168) 1370.e60: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900) 1370.e60: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll) WinVerifyTrust 1370.e60: Error (rc=0): 1370.e60: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll: Not signed. 
1370.e60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll' 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 
fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll 1370.e60: Error (rc=0): 1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190 1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll' 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 1370.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 1370.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1370.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ef12c:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] 1370.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1370.15fc: supR3HardenedDllNotificationCallback: load 5f5f0000 LB 0x0044d000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 1370.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1370.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=5f5f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. 1370.15fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1370.15fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust 1370.15fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll 1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1370.15fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1370.15fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ef12c:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1370.15fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1370.15fc: supR3HardenedDllNotificationCallback: load 676f0000 LB 0x0006e000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1370.15fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1370.15fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=676f0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77020000 'C:\Windows\system32\gdi32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b10000 'C:\Windows\system32\shell32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=751e0000 'C:\Windows\system32\ADVAPI32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75600000 'C:\Windows\system32\ole32.dll'
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75600000 'C:\Windows\system32\ole32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024d9abc:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=753c0000 'C:\Windows\system32\MSCTF.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1370.e60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008ccd6c:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73100000 'C:\Windows\system32\WINMM.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume2\Program Files\SMADAV\SmadHook32.dll
1370.e60: Error (rc=0):
1370.e60: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Smadav\SmadHook32.dll' (C:\Program Files\Smadav\SmadHook32.dll): rcNt=0xc0000190
1370.e60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Smadav\SmadHook32.dll'