VirtualBox

Ticket #15809: ruby-2016-08-17-13-46-00.log

File ruby-2016-08-17-13-46-00.log, 300.5 KB (added by SerhiiNI, 8 years ago)

VboxHardening.log

Line 
11a4c.3294: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21a4c.3294: \SystemRoot\System32\ntdll.dll:
31a4c.3294: CreationTime: 2010-11-21T03:23:51.351694200Z
41a4c.3294: LastWriteTime: 2010-11-21T03:23:51.367294200Z
51a4c.3294: ChangeTime: 2016-05-23T06:51:57.148587000Z
61a4c.3294: FileAttributes: 0x20
71a4c.3294: Size: 0x1a6d60
81a4c.3294: NT Headers: 0xe0
91a4c.3294: Timestamp: 0x4ce7c8f9
101a4c.3294: Machine: 0x8664 - amd64
111a4c.3294: Timestamp: 0x4ce7c8f9
121a4c.3294: Image Version: 6.1
131a4c.3294: SizeOfImage: 0x1a9000 (1740800)
141a4c.3294: Resource Dir: 0x151000 LB 0x560d8
151a4c.3294: ProductName: Microsoft® Windows® Operating System
161a4c.3294: ProductVersion: 6.1.7601.17514
171a4c.3294: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
181a4c.3294: FileDescription: NT Layer DLL
191a4c.3294: \SystemRoot\System32\kernel32.dll:
201a4c.3294: CreationTime: 2010-11-21T03:24:07.965723400Z
211a4c.3294: LastWriteTime: 2010-11-21T03:24:07.981323400Z
221a4c.3294: ChangeTime: 2016-05-23T06:51:30.394540300Z
231a4c.3294: FileAttributes: 0x20
241a4c.3294: Size: 0x11b800
251a4c.3294: NT Headers: 0xe8
261a4c.3294: Timestamp: 0x4ce7c78b
271a4c.3294: Machine: 0x8664 - amd64
281a4c.3294: Timestamp: 0x4ce7c78b
291a4c.3294: Image Version: 6.1
301a4c.3294: SizeOfImage: 0x11f000 (1175552)
311a4c.3294: Resource Dir: 0x116000 LB 0x528
321a4c.3294: ProductName: Microsoft® Windows® Operating System
331a4c.3294: ProductVersion: 6.1.7601.17514
341a4c.3294: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
351a4c.3294: FileDescription: Windows NT BASE API Client DLL
361a4c.3294: \SystemRoot\System32\KernelBase.dll:
371a4c.3294: CreationTime: 2010-11-21T03:24:26.217755400Z
381a4c.3294: LastWriteTime: 2010-11-21T03:24:26.248955500Z
391a4c.3294: ChangeTime: 2016-05-23T06:51:30.441340400Z
401a4c.3294: FileAttributes: 0x20
411a4c.3294: Size: 0x66800
421a4c.3294: NT Headers: 0xf0
431a4c.3294: Timestamp: 0x4ce7c78c
441a4c.3294: Machine: 0x8664 - amd64
451a4c.3294: Timestamp: 0x4ce7c78c
461a4c.3294: Image Version: 6.1
471a4c.3294: SizeOfImage: 0x6b000 (438272)
481a4c.3294: Resource Dir: 0x69000 LB 0x530
491a4c.3294: ProductName: Microsoft® Windows® Operating System
501a4c.3294: ProductVersion: 6.1.7601.17514
511a4c.3294: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
521a4c.3294: FileDescription: Windows NT BASE API Client DLL
531a4c.3294: \SystemRoot\System32\apisetschema.dll:
541a4c.3294: CreationTime: 2009-07-13T23:18:54.866423200Z
551a4c.3294: LastWriteTime: 2009-07-14T01:24:53.779000000Z
561a4c.3294: ChangeTime: 2016-05-23T06:51:11.955308200Z
571a4c.3294: FileAttributes: 0x20
581a4c.3294: Size: 0x1a00
591a4c.3294: NT Headers: 0xc0
601a4c.3294: Timestamp: 0x4a5bdeab
611a4c.3294: Machine: 0x8664 - amd64
621a4c.3294: Timestamp: 0x4a5bdeab
631a4c.3294: Image Version: 6.1
641a4c.3294: SizeOfImage: 0x50000 (327680)
651a4c.3294: Resource Dir: 0x30000 LB 0x3f0
661a4c.3294: ProductName: Microsoft® Windows® Operating System
671a4c.3294: ProductVersion: 6.1.7600.16385
681a4c.3294: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
691a4c.3294: FileDescription: ApiSet Schema DLL
701a4c.3294: supR3HardenedWinFindAdversaries: 0x0
711a4c.3294: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
721a4c.3294: Calling main()
731a4c.3294: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
741a4c.3294: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
751a4c.3294: SUPR3HardenedMain: Respawn #1
761a4c.3294: System32: \Device\HarddiskVolume2\Windows\System32
771a4c.3294: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
781a4c.3294: KnownDllPath: C:\Windows\system32
791a4c.3294: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
801a4c.3294: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
811a4c.3294: supR3HardNtEnableThreadCreation:
821a4c.3294: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4c320 pvNtTerminateThread=0000000077c71840
831a4c.3294: supR3HardenedWinDoReSpawn(1): New child 3114.e94 [kernel32].
841a4c.3294: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
851a4c.3294: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077c20000 uNtDllChildAddr=0000000077c20000
861a4c.3294: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077c4c320
871a4c.3294: supR3HardenedWinSetupChildInit: Start child.
881a4c.3294: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
891a4c.3294: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
901a4c.3294: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
911a4c.3294: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
921a4c.3294: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
931a4c.3294: *0000000000030000-fffffffffff33fff 0x0000/0x0004 0x0020000
941a4c.3294: 000000000012c000-0000000000129fff 0x0104/0x0004 0x0020000
951a4c.3294: 000000000012e000-000000000012bfff 0x0004/0x0004 0x0020000
961a4c.3294: *0000000000130000-000000000012bfff 0x0002/0x0002 0x0040000
971a4c.3294: 0000000000134000-0000000000127fff 0x0001/0x0000 0x0000000
981a4c.3294: *0000000000140000-000000000013efff 0x0004/0x0004 0x0020000
991a4c.3294: 0000000000141000-ffffffff88661fff 0x0001/0x0000 0x0000000
1001a4c.3294: *0000000077c20000-0000000077c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1011a4c.3294: 0000000077c21000-0000000077d22fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1021a4c.3294: 0000000077d23000-0000000077d51fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1031a4c.3294: 0000000077d52000-0000000077d5dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1041a4c.3294: 0000000077d5e000-0000000077dc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1051a4c.3294: 0000000077dc9000-0000000070bb1fff 0x0001/0x0000 0x0000000
1061a4c.3294: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1071a4c.3294: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1081a4c.3294: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1091a4c.3294: 000000007fff0000-ffffffffc0aaffff 0x0001/0x0000 0x0000000
1101a4c.3294: *000000013f530000-000000013f530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1111a4c.3294: 000000013f531000-000000013f59ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1121a4c.3294: 000000013f5a0000-000000013f5a0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1131a4c.3294: 000000013f5a1000-000000013f5e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1141a4c.3294: 000000013f5e5000-000000013f5e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1151a4c.3294: 000000013f5e6000-000000013f5e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1161a4c.3294: 000000013f5e7000-000000013f5ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1171a4c.3294: 000000013f5ec000-000000013f5ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1181a4c.3294: 000000013f5ed000-000000013f5edfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1191a4c.3294: 000000013f5ee000-000000013f5f1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201a4c.3294: 000000013f5f2000-000000013f639fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211a4c.3294: 000000013f63a000-fffff8037ed33fff 0x0001/0x0000 0x0000000
1221a4c.3294: *000007fefff40000-000007fefff40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1231a4c.3294: 000007fefff41000-000007fdffed1fff 0x0001/0x0000 0x0000000
1241a4c.3294: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1251a4c.3294: 000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
1261a4c.3294: *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
1271a4c.3294: 000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
1281a4c.3294: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1291a4c.3294: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1301a4c.3294: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
1311a4c.3294: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
1321a4c.3294: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1331a4c.3294: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1341a4c.3294: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1351a4c.3294: supR3HardNtChildPurify: Done after 297 ms and 0 fixes (loop #0).
1363114.e94: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1373114.e94: supR3HardenedVmProcessInit: uNtDllAddr=0000000077c20000 g_uNtVerCombined=0x611db100
1383114.e94: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
1393114.e94: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
1401a4c.3294: supR3HardNtEnableThreadCreation:
1413114.e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1423114.e94: System32: \Device\HarddiskVolume2\Windows\System32
1433114.e94: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1443114.e94: KnownDllPath: C:\Windows\system32
1453114.e94: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1463114.e94: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1473114.e94: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1483114.e94: Registered Dll notification callback with NTDLL.
1493114.e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1503114.e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1513114.e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1523114.e94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1533114.e94: supR3HardenedDllNotificationCallback: load 0000000077b00000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1543114.e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1553114.e94: supR3HardenedDllNotificationCallback: load 000007fefdc60000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1563114.e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1573114.e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1583114.e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'C:\Windows\system32\kernel32.dll'
1593114.e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4c320 pvNtTerminateThread=0000000077c71840
1601a4c.3294: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 39 ms.
1613114.e94: \SystemRoot\System32\ntdll.dll:
1623114.e94: CreationTime: 2010-11-21T03:23:51.351694200Z
1633114.e94: LastWriteTime: 2010-11-21T03:23:51.367294200Z
1643114.e94: ChangeTime: 2016-05-23T06:51:57.148587000Z
1653114.e94: FileAttributes: 0x20
1663114.e94: Size: 0x1a6d60
1673114.e94: NT Headers: 0xe0
1683114.e94: Timestamp: 0x4ce7c8f9
1693114.e94: Machine: 0x8664 - amd64
1703114.e94: Timestamp: 0x4ce7c8f9
1713114.e94: Image Version: 6.1
1723114.e94: SizeOfImage: 0x1a9000 (1740800)
1733114.e94: Resource Dir: 0x151000 LB 0x560d8
1743114.e94: ProductName: Microsoft® Windows® Operating System
1753114.e94: ProductVersion: 6.1.7601.17514
1763114.e94: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1773114.e94: FileDescription: NT Layer DLL
1783114.e94: \SystemRoot\System32\kernel32.dll:
1793114.e94: CreationTime: 2010-11-21T03:24:07.965723400Z
1803114.e94: LastWriteTime: 2010-11-21T03:24:07.981323400Z
1813114.e94: ChangeTime: 2016-05-23T06:51:30.394540300Z
1823114.e94: FileAttributes: 0x20
1833114.e94: Size: 0x11b800
1843114.e94: NT Headers: 0xe8
1853114.e94: Timestamp: 0x4ce7c78b
1863114.e94: Machine: 0x8664 - amd64
1873114.e94: Timestamp: 0x4ce7c78b
1883114.e94: Image Version: 6.1
1893114.e94: SizeOfImage: 0x11f000 (1175552)
1903114.e94: Resource Dir: 0x116000 LB 0x528
1913114.e94: ProductName: Microsoft® Windows® Operating System
1923114.e94: ProductVersion: 6.1.7601.17514
1933114.e94: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1943114.e94: FileDescription: Windows NT BASE API Client DLL
1953114.e94: \SystemRoot\System32\KernelBase.dll:
1963114.e94: CreationTime: 2010-11-21T03:24:26.217755400Z
1973114.e94: LastWriteTime: 2010-11-21T03:24:26.248955500Z
1983114.e94: ChangeTime: 2016-05-23T06:51:30.441340400Z
1993114.e94: FileAttributes: 0x20
2003114.e94: Size: 0x66800
2013114.e94: NT Headers: 0xf0
2023114.e94: Timestamp: 0x4ce7c78c
2033114.e94: Machine: 0x8664 - amd64
2043114.e94: Timestamp: 0x4ce7c78c
2053114.e94: Image Version: 6.1
2063114.e94: SizeOfImage: 0x6b000 (438272)
2073114.e94: Resource Dir: 0x69000 LB 0x530
2083114.e94: ProductName: Microsoft® Windows® Operating System
2093114.e94: ProductVersion: 6.1.7601.17514
2103114.e94: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2113114.e94: FileDescription: Windows NT BASE API Client DLL
2123114.e94: \SystemRoot\System32\apisetschema.dll:
2133114.e94: CreationTime: 2009-07-13T23:18:54.866423200Z
2143114.e94: LastWriteTime: 2009-07-14T01:24:53.779000000Z
2153114.e94: ChangeTime: 2016-05-23T06:51:11.955308200Z
2163114.e94: FileAttributes: 0x20
2173114.e94: Size: 0x1a00
2183114.e94: NT Headers: 0xc0
2193114.e94: Timestamp: 0x4a5bdeab
2203114.e94: Machine: 0x8664 - amd64
2213114.e94: Timestamp: 0x4a5bdeab
2223114.e94: Image Version: 6.1
2233114.e94: SizeOfImage: 0x50000 (327680)
2243114.e94: Resource Dir: 0x30000 LB 0x3f0
2253114.e94: ProductName: Microsoft® Windows® Operating System
2263114.e94: ProductVersion: 6.1.7600.16385
2273114.e94: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
2283114.e94: FileDescription: ApiSet Schema DLL
2293114.e94: supR3HardenedWinFindAdversaries: 0x0
2303114.e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2313114.e94: Calling main()
2323114.e94: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2333114.e94: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2343114.e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2353114.e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2363114.e94: SUPR3HardenedMain: Respawn #2
2373114.e94: supR3HardNtEnableThreadCreation:
2383114.e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2393114.e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2403114.e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2413114.e94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2423114.e94: supR3HardenedDllNotificationCallback: load 000007fefda40000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2433114.e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2443114.e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda40000 'C:\Windows\system32\apphelp.dll'
2453114.e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4c320 pvNtTerminateThread=0000000077c71840
2463114.e94: supR3HardenedWinDoReSpawn(2): New child 2100.3084 [kernel32].
2473114.e94: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
2483114.e94: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077c20000 uNtDllChildAddr=0000000077c20000
2493114.e94: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077c4c320
2503114.e94: supR3HardenedWinSetupChildInit: Start child.
2513114.e94: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2523114.e94: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
2533114.e94: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2543114.e94: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2553114.e94: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2563114.e94: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2573114.e94: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2583114.e94: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2593114.e94: 0000000000041000-fffffffffff11fff 0x0001/0x0000 0x0000000
2603114.e94: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
2613114.e94: 000000000026c000-0000000000269fff 0x0104/0x0004 0x0020000
2623114.e94: 000000000026e000-000000000026bfff 0x0004/0x0004 0x0020000
2633114.e94: 0000000000270000-ffffffff888bffff 0x0001/0x0000 0x0000000
2643114.e94: *0000000077c20000-0000000077c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2653114.e94: 0000000077c21000-0000000077d22fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2663114.e94: 0000000077d23000-0000000077d51fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2673114.e94: 0000000077d52000-0000000077d5dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2683114.e94: 0000000077d5e000-0000000077dc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2693114.e94: 0000000077dc9000-0000000070bb1fff 0x0001/0x0000 0x0000000
2703114.e94: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2713114.e94: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2723114.e94: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2733114.e94: 000000007fff0000-ffffffffc0aaffff 0x0001/0x0000 0x0000000
2743114.e94: *000000013f530000-000000013f530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2753114.e94: 000000013f531000-000000013f59ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2763114.e94: 000000013f5a0000-000000013f5a0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2773114.e94: 000000013f5a1000-000000013f5e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2783114.e94: 000000013f5e5000-000000013f5e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2793114.e94: 000000013f5e6000-000000013f5e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2803114.e94: 000000013f5e7000-000000013f5ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2813114.e94: 000000013f5ec000-000000013f5ecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2823114.e94: 000000013f5ed000-000000013f5edfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2833114.e94: 000000013f5ee000-000000013f5f1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2843114.e94: 000000013f5f2000-000000013f639fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2853114.e94: 000000013f63a000-fffff8037ed33fff 0x0001/0x0000 0x0000000
2863114.e94: *000007fefff40000-000007fefff40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2873114.e94: 000007fefff41000-000007fdffed1fff 0x0001/0x0000 0x0000000
2883114.e94: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2893114.e94: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
2903114.e94: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
2913114.e94: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
2923114.e94: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2933114.e94: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
2943114.e94: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
2953114.e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2963114.e94: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2973114.e94: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2983114.e94: supR3HardNtChildPurify: Done after 297 ms and 0 fixes (loop #0).
2992100.3084: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3003114.e94: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
3012100.3084: supR3HardenedVmProcessInit: uNtDllAddr=0000000077c20000 g_uNtVerCombined=0x611db100
3023114.e94: supR3HardNtEnableThreadCreation:
3032100.3084: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
3042100.3084: New simple heap: #1 0000000000270000 LB 0x400000 (for 1740800 allocation)
3052100.3084: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3062100.3084: System32: \Device\HarddiskVolume2\Windows\System32
3072100.3084: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3082100.3084: KnownDllPath: C:\Windows\system32
3092100.3084: supR3HardenedVmProcessInit: Opening vboxdrv...
3102100.3084: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3112100.3084: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3122100.3084: Registered Dll notification callback with NTDLL.
3132100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3142100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3152100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3162100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3172100.3084: supR3HardenedDllNotificationCallback: load 0000000077b00000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3182100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3192100.3084: supR3HardenedDllNotificationCallback: load 000007fefdc60000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3202100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3212100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3222100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'C:\Windows\system32\kernel32.dll'
3232100.3084: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077c4c320 pvNtTerminateThread=0000000077c71840
3243114.e94: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 48 ms.
3252100.3084: \SystemRoot\System32\ntdll.dll:
3262100.3084: CreationTime: 2010-11-21T03:23:51.351694200Z
3272100.3084: LastWriteTime: 2010-11-21T03:23:51.367294200Z
3282100.3084: ChangeTime: 2016-05-23T06:51:57.148587000Z
3292100.3084: FileAttributes: 0x20
3302100.3084: Size: 0x1a6d60
3312100.3084: NT Headers: 0xe0
3322100.3084: Timestamp: 0x4ce7c8f9
3332100.3084: Machine: 0x8664 - amd64
3342100.3084: Timestamp: 0x4ce7c8f9
3352100.3084: Image Version: 6.1
3362100.3084: SizeOfImage: 0x1a9000 (1740800)
3372100.3084: Resource Dir: 0x151000 LB 0x560d8
3382100.3084: ProductName: Microsoft® Windows® Operating System
3392100.3084: ProductVersion: 6.1.7601.17514
3402100.3084: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3412100.3084: FileDescription: NT Layer DLL
3422100.3084: \SystemRoot\System32\kernel32.dll:
3432100.3084: CreationTime: 2010-11-21T03:24:07.965723400Z
3442100.3084: LastWriteTime: 2010-11-21T03:24:07.981323400Z
3452100.3084: ChangeTime: 2016-05-23T06:51:30.394540300Z
3462100.3084: FileAttributes: 0x20
3472100.3084: Size: 0x11b800
3482100.3084: NT Headers: 0xe8
3492100.3084: Timestamp: 0x4ce7c78b
3502100.3084: Machine: 0x8664 - amd64
3512100.3084: Timestamp: 0x4ce7c78b
3522100.3084: Image Version: 6.1
3532100.3084: SizeOfImage: 0x11f000 (1175552)
3542100.3084: Resource Dir: 0x116000 LB 0x528
3552100.3084: ProductName: Microsoft® Windows® Operating System
3562100.3084: ProductVersion: 6.1.7601.17514
3572100.3084: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3582100.3084: FileDescription: Windows NT BASE API Client DLL
3592100.3084: \SystemRoot\System32\KernelBase.dll:
3602100.3084: CreationTime: 2010-11-21T03:24:26.217755400Z
3612100.3084: LastWriteTime: 2010-11-21T03:24:26.248955500Z
3622100.3084: ChangeTime: 2016-05-23T06:51:30.441340400Z
3632100.3084: FileAttributes: 0x20
3642100.3084: Size: 0x66800
3652100.3084: NT Headers: 0xf0
3662100.3084: Timestamp: 0x4ce7c78c
3672100.3084: Machine: 0x8664 - amd64
3682100.3084: Timestamp: 0x4ce7c78c
3692100.3084: Image Version: 6.1
3702100.3084: SizeOfImage: 0x6b000 (438272)
3712100.3084: Resource Dir: 0x69000 LB 0x530
3722100.3084: ProductName: Microsoft® Windows® Operating System
3732100.3084: ProductVersion: 6.1.7601.17514
3742100.3084: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3752100.3084: FileDescription: Windows NT BASE API Client DLL
3762100.3084: \SystemRoot\System32\apisetschema.dll:
3772100.3084: CreationTime: 2009-07-13T23:18:54.866423200Z
3782100.3084: LastWriteTime: 2009-07-14T01:24:53.779000000Z
3792100.3084: ChangeTime: 2016-05-23T06:51:11.955308200Z
3802100.3084: FileAttributes: 0x20
3812100.3084: Size: 0x1a00
3822100.3084: NT Headers: 0xc0
3832100.3084: Timestamp: 0x4a5bdeab
3842100.3084: Machine: 0x8664 - amd64
3852100.3084: Timestamp: 0x4a5bdeab
3862100.3084: Image Version: 6.1
3872100.3084: SizeOfImage: 0x50000 (327680)
3882100.3084: Resource Dir: 0x30000 LB 0x3f0
3892100.3084: ProductName: Microsoft® Windows® Operating System
3902100.3084: ProductVersion: 6.1.7600.16385
3912100.3084: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
3922100.3084: FileDescription: ApiSet Schema DLL
3932100.3084: supR3HardenedWinFindAdversaries: 0x0
3942100.3084: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3952100.3084: Calling main()
3962100.3084: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3972100.3084: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3982100.3084: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3992100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4002100.3084: SUPR3HardenedMain: Final process, opening VBoxDrv...
4012100.3084: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
4022100.3084: supR3HardNtEnableThreadCreation:
4032100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4042100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4052100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
4062100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4072100.3084: supR3HardenedDllNotificationCallback: load 000007fef7bb0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4082100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4092100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4102100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
4112100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7bb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4122100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4132100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
4142100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7bb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4152100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7bb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4162100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4172100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
4182100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
4192100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
4202100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4212100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4222100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4232100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4242100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4252100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4262100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4282100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4292100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4302100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4312100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4322100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4332100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
4342100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4352100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4362100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4372100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4382100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4392100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4402100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4412100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4422100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4432100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4442100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4452100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4462100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
4472100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4482100.3084: supR3HardenedDllNotificationCallback: load 000007fefdc20000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
4492100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4502100.3084: supR3HardenedDllNotificationCallback: load 000007feff570000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4512100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4522100.3084: supR3HardenedDllNotificationCallback: load 000007fefdcd0000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
4532100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4542100.3084: supR3HardenedDllNotificationCallback: load 000007fefdc10000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
4552100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4562100.3084: supR3HardenedDllNotificationCallback: load 000007feffab0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4572100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4582100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\Windows\system32\Wintrust.dll'
4592100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
4602100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
4612100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
4622100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4632100.3084: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
4642100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4652100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\bcrypt.dll'
4662100.3084: bcrypt.dll loaded at 000007fefd570000, BCryptOpenAlgorithmProvider at 000007fefd572640, preloading providers:
4672100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
4682100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
4692100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
4702100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
4712100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
4722100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
4732100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
4752100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
4762100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4772100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
4782100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
4792100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
4802100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4822100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4832100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4852100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4862100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
4872100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4882100.3084: supR3HardenedDllNotificationCallback: load 000007fefd060000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
4892100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4902100.3084: supR3HardenedDllNotificationCallback: load 000007fefed50000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
4912100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
4922100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
4932100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
4942100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
4952100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
4962100.3084: supR3HardenedDllNotificationCallback: load 000007feff470000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
4972100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
4982100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd060000 'C:\Windows\system32\bcryptprimitives.dll'
4992100.3084: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000076ad90)
5002100.3084: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000076dc50)
5012100.3084: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000076dd70)
5022100.3084: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000076df80)
5032100.3084: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000076e0a0)
5042100.3084: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000076e1c0)
5052100.3084: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000076e400)
5062100.3084: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000076e520)
5072100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5082100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5092100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5102100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5112100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5122100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5132100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5142100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5152100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5162100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5172100.3084: supR3HardenedDllNotificationCallback: load 000007fefd630000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
5182100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5192100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd630000 'C:\Windows\system32\CRYPTSP.dll'
5202100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5212100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5222100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5232100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5242100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5252100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5262100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5272100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5282100.3084: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5292100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5302100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\rsaenh.dll'
5312100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5322100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5332100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.dll'
5342100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5352100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5362100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5372100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5382100.3084: supR3HardenedDllNotificationCallback: load 000007fefdaa0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
5392100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5402100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\CRYPTBASE.dll'
5412100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5422100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5432100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'C:\Windows\system32\kernel32.dll'
5442100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5452100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5462100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\Windows\system32\WINTRUST.DLL'
5472100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5482100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5492100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcd0000 'C:\Windows\system32\CRYPT32.dll'
5502100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5512100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5522100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5532100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5542100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5552100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5562100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5572100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
5582100.3084: supR3HardenedDllNotificationCallback: load 000007feffbe0000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
5592100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
5602100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffbe0000 'C:\Windows\system32\imagehlp.dll'
5612100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5622100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
5632100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd630000 'C:\Windows\system32\CRYPTSP.dll'
5642100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
5652100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
5662100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
5672100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
5682100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
5692100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
5702100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
5712100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
5722100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
5732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
5742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
5752100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
5762100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
5772100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
5782100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
5792100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
5802100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
5812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
5822100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
5832100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
5842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
5852100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5862100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
5872100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
5882100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
5892100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
5902100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
5912100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
5922100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
5932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
5942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
5952100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
5962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
5972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
5982100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
5992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6002100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6012100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6022100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6032100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6042100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6052100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
6062100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6072100.3084: supR3HardenedDllNotificationCallback: load 0000000077a00000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
6082100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6092100.3084: supR3HardenedDllNotificationCallback: load 000007feff4a0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
6102100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6112100.3084: supR3HardenedDllNotificationCallback: load 000007feff490000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
6122100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
6132100.3084: supR3HardenedDllNotificationCallback: load 000007fefef10000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
6142100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
6152100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6162100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
6172100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4a0000 'C:\Windows\system32\gdi32.dll'
6182100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
6192100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6202100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
6212100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
6222100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
6232100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
6242100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
6252100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6262100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6272100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
6282100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
6292100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
6302100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
6312100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6322100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6332100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6342100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6352100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6362100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6372100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
6382100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
6392100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
6402100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6412100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6422100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6432100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6442100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6452100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6462100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6472100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6482100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6492100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
6502100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
6512100.3084: supR3HardenedDllNotificationCallback: load 000007feffa80000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
6522100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
6532100.3084: supR3HardenedDllNotificationCallback: load 000007feff610000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
6542100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
6552100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'C:\Windows\system32\IMM32.DLL'
6562100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a00000 'C:\Windows\system32\USER32.dll'
6572100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
6582100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6592100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
6602100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
6612100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
6622100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6632100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6642100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6652100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6662100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6672100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6682100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6692100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6702100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6712100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
6722100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
6732100.3084: supR3HardenedDllNotificationCallback: load 000007fefd5a0000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
6742100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
6752100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\ncrypt.dll'
6762100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6772100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
6782100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\bcrypt.dll'
6792100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6802100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
6812100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
6822100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
6832100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
6842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
6852100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
6862100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6872100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
6882100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
6892100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6902100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6912100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6922100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6942100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6952100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6972100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6982100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
6992100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
7002100.3084: supR3HardenedDllNotificationCallback: load 000007fefceb0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
7012100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
7022100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7032100.3084: supR3HardenedDllNotificationCallback: load 000007fefdb70000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
7042100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7052100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefceb0000 'C:\Windows\system32\USERENV.dll'
7062100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7072100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7082100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7092100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7102100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7112100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
7122100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
7132100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
7142100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7152100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7162100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7172100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7182100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7192100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7202100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7212100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7222100.3084: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
7232100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7242100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\Windows\system32\GPAPI.dll'
7252100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7262100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-WIN-Service-Management-L1-1-0.dll'
7272100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7282100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7292100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffab0000 'C:\Windows\system32\rpcrt4.dll'
7302100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7312100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-WIN-Service-Management-L2-1-0.dll'
7322100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7332100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7342100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7352100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
7362100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
7372100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
7382100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7392100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
7402100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
7412100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7422100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
7432100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
7442100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7452100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7462100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7472100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7482100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7492100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7502100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7512100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7522100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7532100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7542100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7552100.3084: supR3HardenedDllNotificationCallback: load 000007feec950000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
7562100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7572100.3084: supR3HardenedDllNotificationCallback: load 000007feff980000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
7582100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
7592100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7602100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7612100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7622100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7632100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7642100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7652100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7662100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7672100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7682100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7692100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7702100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7712100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7722100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7732100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7742100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7752100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
7762100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7772100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7782100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7792100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7802100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7812100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7822100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7832100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7842100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7852100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7862100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7872100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
7882100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
7892100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7902100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
7912100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
7922100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
7932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7952100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7982100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8002100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8012100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8022100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
8032100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
8042100.3084: supR3HardenedDllNotificationCallback: load 000007fefdf40000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
8052100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
8062100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\SHLWAPI.dll'
8072100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
8082100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8092100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8102100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
8112100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb70000 'C:\Windows\system32\profapi.dll'
8122100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
8132100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
8142100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
8152100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8162100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
8172100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
8182100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
8192100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
8202100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
8212100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
8222100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
8232100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8242100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
8252100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
8262100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
8272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
8282100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
8292100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
8302100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8312100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8322100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
8332100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
8342100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
8352100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
8362100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8372100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8382100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8392100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8402100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8412100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8422100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8432100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8442100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8452100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8462100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8472100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8482100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
8492100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
8502100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8512100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
8522100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
8532100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
8542100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
8552100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8562100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8572100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8582100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8592100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8602100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8612100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8622100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8632100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8642100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8652100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8662100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8672100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8682100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8692100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8702100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8712100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8722100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8752100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8762100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
8772100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
8782100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8792100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
8802100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
8812100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
8822100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
8832100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
8842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
8852100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
8862100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
8872100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8882100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8892100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8902100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8912100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8922100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8952100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8982100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9002100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9012100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9022100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9032100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
9042100.3084: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
9052100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
9062100.3084: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
9072100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
9082100.3084: supR3HardenedDllNotificationCallback: load 000007fefee30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
9092100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
9102100.3084: supR3HardenedDllNotificationCallback: load 000007fefefe0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
9112100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
9122100.3084: supR3HardenedDllNotificationCallback: load 000007fefde80000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
9132100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
9142100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9152100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
9162100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\setupapi.dll'
9172100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9182100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
9192100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
9202100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9212100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9222100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9232100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9242100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
9252100.3084: supR3HardenedDllNotificationCallback: load 000007fef7240000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
9262100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
9272100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7240000 'C:\Windows\system32\Cabinet.dll'
9282100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9292100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
9302100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
9312100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9322100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9332100.3084: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9342100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9352100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
9362100.3084: supR3HardenedDllNotificationCallback: load 000007fefced0000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
9372100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
9382100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefced0000 'C:\Windows\system32\DEVRTL.dll'
9392100.3084: supR3HardenedDllNotificationCallback: Unload 000007feff290000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
9402100.3084: supR3HardenedDllNotificationCallback: Unload 000007fefde80000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
9412100.3084: supR3HardenedDllNotificationCallback: Unload 000007fefee30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
9422100.3084: supR3HardenedDllNotificationCallback: Unload 000007fefefe0000 LB 0x00203000 C:\Windows\system32\ole32.dll [flags=0x0]
9432100.3084: supR3HardenedDllNotificationCallback: Unload 000007fefde40000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
9442100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9452100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
9462100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9472100.3084: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007658c0
9482100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
9492100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6463B603CF12442718467D754A1EDC45CE1D6E7E
9502100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9512100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9522100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9532100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9542100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9552100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
9562100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9572100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9582100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.dll'
9592100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9602100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9612100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
9622100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9632100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll'
9642100.3084: g_pfnWinVerifyTrust=000007fefdc21010
9652100.3084: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9662100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
9672100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
9682100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
9692100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=766DAE0DAEDFFD0DB96611658C619DD5922D2FEC
9702100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9712100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9722100.3084: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9732100.3084: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9742100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
9752100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
9762100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
9772100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D9B442D9CC38B2D0501106E104A42A4EE0B238
9782100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9792100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9802100.3084: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9812100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
9822100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
9832100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
9842100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
9852100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
9862100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9872100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
9882100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
9892100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
9902100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
9912100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
9922100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
9932100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9942100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
9952100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
9962100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
9972100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
9982100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
9992100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
10002100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10012100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
10022100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
10032100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10042100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10052100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
10062100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
10072100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10082100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
10092100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
10102100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10112100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10122100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26A5C3FE898CBD66951D3BC65E742E0BE561E69B
10132100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
10142100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10152100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
10162100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
10172100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10182100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10192100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
10202100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
10212100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10222100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
10232100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
10242100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10252100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10262100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
10272100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
10282100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10292100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
10302100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10312100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10322100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10332100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
10342100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
10352100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10362100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
10372100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
10382100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10392100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10402100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
10412100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
10422100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10432100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
10442100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10452100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10462100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10472100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
10482100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10492100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10502100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10512100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
10522100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10532100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10542100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
10552100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10562100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10572100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10582100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
10592100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10602100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10612100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
10622100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10632100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10642100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10652100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
10662100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10672100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10682100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
10692100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10702100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10712100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10722100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10732100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10742100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10752100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B
10762100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10772100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10782100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10792100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
10802100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10812100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10822100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
10832100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
10842100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10852100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
10862100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
10872100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10882100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10892100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
10902100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
10912100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10922100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
10932100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
10942100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
10952100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
10962100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
10972100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
10982100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10992100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11002100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
11012100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11022100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11032100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
11042100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11052100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11062100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11072100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
11082100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11092100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11102100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
11112100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11122100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11132100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11142100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
11152100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11162100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11172100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
11182100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
11192100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11202100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11212100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
11222100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11232100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11242100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE89CF1060867A10BD3963894BCDB4D3058F804
11252100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11262100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11272100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11282100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
11292100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11302100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11312100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
11322100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11332100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11342100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11352100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11362100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
11372100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11382100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11392100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
11402100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11412100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11422100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11432100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
11442100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11452100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11462100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
11472100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11482100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11492100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11502100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
11512100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11522100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11532100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
11542100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11552100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11562100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11572100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11582100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11592100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11602100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11612100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
11622100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11632100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11642100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11652100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11662100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11672100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11682100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBEAC8C0FA88C88B540ACFE0683B1810C077AA53
11692100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11702100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11712100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11722100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
11732100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11742100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11752100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
11762100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11772100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11782100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11792100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11802100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11812100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11822100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C
11832100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11842100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11852100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
11862100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11872100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
11882100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11892100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11902100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06FEC3C858DB28D2F4BFBDA99AF14D4747A8C5D4
11912100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11922100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11932100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
11942100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
11952100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
11962100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
11972100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7AE634A00F24BBD4AE27DEA9BCCCE222DE9897B
11982100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
11992100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12002100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12012100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12022100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
12032100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcd0000 'C:\Windows\system32\crypt32.dll'
12042100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12052100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12062100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12072100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12082100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12092100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12102100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
12112100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12122100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12132100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
12142100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12152100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12162100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
12172100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12182100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12192100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12202100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
12212100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12222100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12232100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12242100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12252100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12262100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12272100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12282100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
12292100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12302100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12312100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12322100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12332100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
12342100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12352100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12362100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
12372100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12382100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
12392100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12402100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0x2d433873a5249d43 CN=HQLUTCM01, OU=Kontinium, O=Kontinium, L=Lutsk, ST=Lutsk, C=UA
12412100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xeb35475d833be200 C=UA, ST=Kiev, L=Kieb, O=WOG, OU=WOG, CN=10.254.4.28, Email=admin@10.254.4.28
12422100.3084: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, ST=N/A, O=Zimbra Collaboration Server, OU=Zimbra Collaboration Server, CN=mail.continium.net
12432100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xc205a823d83fe600 C=UA, O=Continium Corp., OU=Information Systems, CN=Continium Root Certification Authority
12442100.3084: supR3HardenedWinIsDesiredRootCA: Adding 0xb8c56f5a5b14b900 CN=wb.continium.net
12452100.3084: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=40
12462100.3084: SUPR3HardenedMain: Load Runtime...
12472100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12482100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12492100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12502100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12512100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12522100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12532100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12542100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12552100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12562100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12572100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e0 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12582100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
12592100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
12602100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
12612100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
12622100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12632100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12642100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12652100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
12662100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12672100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12682100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12692100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12702100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12712100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12722100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
12732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12752100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12762100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12772100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12782100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12792100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12802100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
12812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
12822100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f0 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
12832100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
12842100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
12852100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
12862100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
12872100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12882100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
12892100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
12902100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12912100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12922100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12942100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
12952100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12962100.3084: supR3HardenedDllNotificationCallback: load 000007fee6c40000 LB 0x00519000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12972100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12982100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
12992100.3084: supR3HardenedDllNotificationCallback: load 0000000070f80000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13002100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13012100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13022100.3084: supR3HardenedDllNotificationCallback: load 0000000071cd0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13032100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13042100.3084: supR3HardenedDllNotificationCallback: load 000007feff510000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
13052100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13062100.3084: supR3HardenedDllNotificationCallback: load 000007feff560000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
13072100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
13082100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13092100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13102100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13112100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13122100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13132100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13142100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13152100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13162100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13172100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13182100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13192100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13202100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13212100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13222100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13232100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13242100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13252100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13262100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13272100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13282100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13292100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13302100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13312100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13322100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13332100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13342100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13352100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13362100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13372100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13382100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13392100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13402100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13412100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13422100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13432100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13442100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13452100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13462100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13472100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13482100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13492100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13502100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13512100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13522100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007246a0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13532100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13542100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13552100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13562100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6c40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13572100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
13582100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13592100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc20000 'C:\Windows\system32\Wintrust.dll'
13602100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13612100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
13622100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcd0000 'C:\Windows\system32\crypt32.dll'
13632100.3084: SUPR3HardenedMain: Load TrustedMain...
13642100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13652100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13662100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13672100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13682100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13692100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13702100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13712100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13722100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13732100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13742100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13752100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13762100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13772100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13782100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13792100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13802100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
13812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13822100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13832100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
13842100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
13852100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
13862100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
13872100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
13882100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13892100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13902100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13912100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
13922100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
13932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13952100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13982100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
13992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14002100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14012100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
14022100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
14032100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
14042100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCF00DB9BBECF4126AB4076577BBA73C0F94BDF9
14052100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
14062100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14072100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14082100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
14092100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14102100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
14112100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
14122100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14132100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14142100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14152100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14162100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14172100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14182100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14192100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14202100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14212100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14222100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14232100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14242100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14252100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14262100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
14272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
14282100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14292100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14302100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
14312100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
14322100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14332100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14342100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
14352100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
14362100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
14372100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14382100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14392100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14402100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14412100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14422100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14432100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14442100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14452100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14462100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14472100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14482100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14492100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14502100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14512100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14522100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14532100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14542100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
14552100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14562100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
14572100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14582100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14592100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14602100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14612100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14622100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14632100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14642100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14652100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14662100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14672100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14682100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
14692100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14702100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14712100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14722100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14752100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14762100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
14772100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
14782100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14792100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14802100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14812100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
14822100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
14832100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
14842100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14852100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14862100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14872100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14882100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14892100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14902100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14912100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14922100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
14932100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14952100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14982100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
14992100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
15002100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
15012100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
15022100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
15032100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15042100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15052100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15062100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
15072100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15082100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
15092100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
15102100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
15112100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
15122100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15132100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15142100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
15152100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
15162100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
15172100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15182100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
15192100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15202100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15212100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15222100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15232100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
15242100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15252100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15262100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15282100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15292100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15302100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15312100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15322100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15332100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15342100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15352100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15362100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15372100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15382100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15392100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15402100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
15412100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
15422100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
15432100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
15442100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
15452100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15462100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
15472100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
15482100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15492100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15502100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15512100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15522100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15532100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15542100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15552100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15562100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15572100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15582100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15592100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15602100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15612100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15622100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15632100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15642100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15652100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15662100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15672100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15682100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15692100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15702100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15712100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15722100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15752100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15762100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15772100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15782100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15792100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15802100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15822100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15832100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15852100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15862100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15872100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15882100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15892100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15902100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15912100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15922100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15932100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15952100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15972100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15982100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16002100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16012100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
16022100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
16032100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
16042100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
16052100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16062100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16072100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
16082100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16092100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16102100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
16112100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16122100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
16132100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16142100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16152100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16162100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
16172100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
16182100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
16192100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
16202100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
16212100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16222100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16232100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16242100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16252100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
16262100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16282100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16292100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16302100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16312100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16322100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16332100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16342100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16352100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16362100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16372100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16382100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16392100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16402100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16412100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16422100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16432100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16442100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16452100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16462100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16472100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16482100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16492100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16502100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16512100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16522100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16532100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16542100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16552100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16562100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16572100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16582100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16592100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16602100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16612100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16622100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16632100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16642100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16652100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16662100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16672100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16682100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16692100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16702100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16712100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16722100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16732100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16752100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16762100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
16772100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
16782100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
16792100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
16802100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
16812100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16822100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16832100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16842100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16852100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
16862100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
16872100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16882100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16892100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16902100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16912100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16922100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16932100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16942100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16952100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16982100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17002100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17012100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17022100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17032100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17042100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17052100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17062100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
17072100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
17082100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
17092100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17102100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17112100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17122100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17132100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17142100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
17152100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17162100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17172100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17182100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17192100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17202100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17212100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17222100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17232100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17242100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
17252100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
17262100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
17272100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17282100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17292100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17302100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17312100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17322100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
17332100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17342100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17352100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17362100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17372100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17382100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17392100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17402100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17412100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17422100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17432100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17442100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17452100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17462100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17472100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17482100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17492100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17502100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
17512100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17522100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17532100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17542100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17552100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17562100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17572100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17582100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
17592100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17602100.3084: supR3HardenedDllNotificationCallback: load 000007fee4ec0000 LB 0x008de000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
17612100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17622100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17632100.3084: supR3HardenedDllNotificationCallback: load 000007fef7110000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
17642100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17652100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17662100.3084: supR3HardenedDllNotificationCallback: load 000007fef79c0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
17672100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17682100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17692100.3084: supR3HardenedDllNotificationCallback: load 000007fef7010000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
17702100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17712100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17722100.3084: supR3HardenedDllNotificationCallback: load 000007fef79b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
17732100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17742100.3084: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
17752100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17762100.3084: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
17772100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17782100.3084: supR3HardenedDllNotificationCallback: load 000007fefee30000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
17792100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17802100.3084: supR3HardenedDllNotificationCallback: load 000007fefefe0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
17812100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17822100.3084: supR3HardenedDllNotificationCallback: load 000007fefde80000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
17832100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
17842100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17852100.3084: supR3HardenedDllNotificationCallback: load 000007fefbef0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
17862100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17872100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17882100.3084: supR3HardenedDllNotificationCallback: load 00000000681c0000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17892100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17902100.3084: supR3HardenedDllNotificationCallback: load 000007fefdfc0000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
17912100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17922100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
17932100.3084: supR3HardenedDllNotificationCallback: load 000007fef88e0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
17942100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
17952100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17962100.3084: supR3HardenedDllNotificationCallback: load 000007fee6690000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
17972100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17982100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17992100.3084: supR3HardenedDllNotificationCallback: load 0000000068e50000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
18002100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18012100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18022100.3084: supR3HardenedDllNotificationCallback: load 000007feecbc0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
18032100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18042100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18052100.3084: supR3HardenedDllNotificationCallback: load 000007fef8fa0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
18062100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18072100.3084: supR3HardenedDllNotificationCallback: load 000007feff1f0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
18082100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18092100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18102100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18112100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18122100.3084: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
18132100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
18142100.3084: supR3HardenedDllNotificationCallback: load 000007fef8580000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
18152100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
18162100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18172100.3084: supR3HardenedDllNotificationCallback: load 00000000728b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
18182100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18192100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18202100.3084: supR3HardenedDllNotificationCallback: load 000007fefb7c0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
18212100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18222100.3084: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'.
18232100.3084: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [rescheduled]
18242100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
18252100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
18262100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18282100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18292100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18302100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18312100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18322100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18332100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
18342100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'C:\Windows\system32\imm32.dll'
18352100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.DLL'
18362100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18372100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18382100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\cryptbase.dll'
18392100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4ec0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
18402100.3084: SUPR3HardenedMain: Calling TrustedMain (000007fee4ec15f0)...
18412100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18422100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
18432100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefe0000 'C:\Windows\system32\ole32.dll'
18442100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.dll'
18452100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18462100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
18472100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\Windows\system32\shell32.dll'
18482100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
18492100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
18502100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
18512100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
18522100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
18532100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
18542100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
18552100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18562100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
18572100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
18582100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
18592100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
18602100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18612100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18622100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18632100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18642100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18652100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18662100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18672100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18682100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18692100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18702100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18712100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18722100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18752100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18762100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18772100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18782100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18792100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18802100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18822100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18832100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18852100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18862100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18872100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18882100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18892100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18902100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
18912100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18922100.3084: supR3HardenedDllNotificationCallback: load 000007fee98f0000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
18932100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18942100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee98f0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
18952100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18962100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
18972100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
18982100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
18992100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
19002100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19012100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19022100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19032100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19042100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
19052100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19062100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19072100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19082100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19092100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19102100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19112100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19122100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000819ba0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19132100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19142100.3084: supR3HardenedDllNotificationCallback: load 000007fefc460000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
19152100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19162100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc460000 'C:\Windows\system32\uxtheme.dll'
19172100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19182100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000819ba0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19192100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc460000 'C:\Windows\system32\uxtheme.dll'
19202100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19212100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000819ba0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19222100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc460000 'C:\Windows\system32\uxtheme.dll'
19232100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19242100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000819ba0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19252100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc460000 'C:\Windows\system32\uxtheme.dll'
19262100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
19272100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19282100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\CRYPTBASE.dll'
19292100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a00000 'C:\Windows\system32\user32.dll'
19302100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19312100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19322100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\Windows\system32\shell32.dll'
19332100.3084: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
19342100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19352100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
19362100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19372100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19382100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbef0000 'C:\Windows\system32\dwmapi.dll'
19392100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19402100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19412100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb7c0000 'C:\Windows\system32\winmm.dll'
19422100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19432100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19442100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb7c0000 'C:\Windows\system32\winmm.dll'
19452100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19462100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19472100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\Windows\system32\shell32.dll'
19482100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19492100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19502100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc460000 'C:\Windows\system32\uxtheme.dll'
19512100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\advapi32.dll'
19522100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19532100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19542100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefceb0000 'C:\Windows\system32\userenv.dll'
19552100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19562100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19572100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'C:\Windows\system32\kernel32.dll'
19582100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000544 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19592100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
19602100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
19612100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
19622100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
19632100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19642100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19652100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
19662100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19672100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19682100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19692100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
19702100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
19712100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19722100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19732100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19742100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19752100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19762100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19772100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19782100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19792100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19802100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19812100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19822100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19832100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19842100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19852100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19862100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19872100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19882100.3084: supR3HardenedDllNotificationCallback: load 000007feff9e0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
19892100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19902100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff9e0000 'C:\Windows\system32\CLBCatQ.DLL'
19912100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.dll'
19922100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
19932100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
19942100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd630000 'C:\Windows\system32\CRYPTSP.dll'
19952100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000560 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
19962100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
19972100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
19982100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
19992100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
20002100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20012100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20022100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20032100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20042100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20052100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20062100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
20072100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20082100.3084: supR3HardenedDllNotificationCallback: load 000007fefdb50000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
20092100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20102100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb50000 'C:\Windows\system32\RpcRtRemote.dll'
20112100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20122100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20132100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20142100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20152100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20162100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20172100.30b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20182100.30b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20192100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20202100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20212100.30b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20222100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20232100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20242100.30b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20252100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20262100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20272100.30b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20282100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20292100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20302100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20312100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20322100.30b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20332100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20342100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20352100.30b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
20362100.30b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20372100.30b8: supR3HardenedDllNotificationCallback: load 000007fee7a10000 LB 0x00501000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20382100.30b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20392100.30b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a10000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20402100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20412100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20422100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20432100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
20442100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20452100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20462100.30b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20472100.30b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
20482100.30b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20492100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20502100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20512100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20522100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20532100.30b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20542100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20552100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20562100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20572100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20582100.30b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20592100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20602100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20612100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20622100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20632100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20642100.30b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20652100.30b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
20662100.30b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20672100.30b8: supR3HardenedDllNotificationCallback: load 000007fee9830000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
20682100.30b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20692100.30b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9830000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
20702100.30b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20712100.30b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003107f90:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
20722100.30b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\oleaut32.dll'
20732100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.dll'
20742100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4a0000 'C:\Windows\system32\gdi32.dll'
20752100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\Windows\system32\shell32.dll'
20762100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\Windows\system32\ADVAPI32.dll'
20772100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefe0000 'C:\Windows\system32\ole32.dll'
20782100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefe0000 'C:\Windows\system32\ole32.dll'
20792100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
20802100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003188190:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
20812100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff610000 'C:\Windows\system32\MSCTF.dll'
20822100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\Windows\system32\shell32.dll'
20832100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdfc0000 'C:\Windows\system32\shell32.dll'
20842100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefe0000 'C:\Windows\system32\ole32.dll'
20852100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\OLEAUT32.dll'
20862100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008b0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
20872100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
20882100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
20892100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
20902100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
20912100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20922100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20932100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
20942100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20952100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20962100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
20972100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
20982100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
20992100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21002100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21012100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21022100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21032100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21042100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21052100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21062100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21072100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21082100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21092100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21102100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21112100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008b4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21122100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
21132100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
21142100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
21152100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
21162100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21172100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21182100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
21192100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
21202100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21212100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
21222100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
21232100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21242100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21252100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21262100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21272100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21282100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21292100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21302100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21312100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21322100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21332100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21342100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21352100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21362100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21372100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21382100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003189360:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
21392100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21402100.3084: supR3HardenedDllNotificationCallback: load 000007fefa5d0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
21412100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21422100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21432100.3084: supR3HardenedDllNotificationCallback: load 000007fefa270000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
21442100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21452100.3084: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
21462100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077b00000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
21472100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5d0000 'C:\Windows\system32\wbem\wbemprox.dll'
21482100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008dc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21492100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
21502100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
21512100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
21522100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
21532100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21542100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21552100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
21562100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21572100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21582100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21592100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21602100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
21612100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21622100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21632100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000318a210:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
21642100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21652100.3084: supR3HardenedDllNotificationCallback: load 000007fef9970000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
21662100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21672100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9970000 'C:\Windows\system32\wbem\wbemsvc.dll'
21682100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008e0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21692100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
21702100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
21712100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
21722100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
21732100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21742100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21752100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
21762100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
21772100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
21782100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
21792100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
21802100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21812100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21822100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
21832100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
21842100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
21852100.3084: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007658c0
21862100.3084: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007658c0
21872100.3084: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
21882100.3084: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
21892100.3084: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21902100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21912100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
21922100.3084: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
21932100.3084: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
21942100.3084: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
21952100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21962100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21972100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21982100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21992100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22002100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22012100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22022100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22032100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22042100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22052100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22062100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22072100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22082100.3084: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22092100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22102100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22112100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22122100.3084: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22132100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000318a4e0:C:\Windows\system32\wbem;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
22142100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22152100.3084: supR3HardenedDllNotificationCallback: load 000007fef9de0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
22162100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22172100.3084: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22182100.3084: supR3HardenedDllNotificationCallback: load 000007fef9db0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
22192100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22202100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9de0000 'C:\Windows\system32\wbem\fastprox.dll'
22212100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\OLEAUT32.dll'
22222100.3318: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\OLEAUT32.dll'
22232100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee30000 'C:\Windows\system32\OLEAUT32.DLL'
22242100.3084: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22252100.3084: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007919b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files\ImageMagick-7.0.2-Q16;C:\RailsInstaller\Git\cmd;C:\RailsInstaller\Ruby2.2.0\bin;C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Skype\Phone\;C:\Program Files\nodejs\;C:\Users\Sergey.Numergitskiy\AppData\Roaming\npm [calling]
22262100.3084: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb7c0000 'C:\Windows\system32\WINMM.dll'
22272100.3084: supR3HardenedDllNotificationCallback: Unload 000007fef9de0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
22282100.3084: supR3HardenedDllNotificationCallback: Unload 000007fef9db0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
22292100.3084: supR3HardenedDllNotificationCallback: Unload 000007fef9970000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
22302100.3084: supR3HardenedDllNotificationCallback: Unload 000007fefa5d0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
22312100.3084: supR3HardenedDllNotificationCallback: Unload 000007fefa270000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
22322100.3084: supR3HardenedDllNotificationCallback: Unload 000007fee9830000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
22332100.3084: supR3HardenedDllNotificationCallback: Unload 000007fee7a10000 LB 0x00501000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
22342100.3084: Terminating the normal way: rcExit=0
22353114.e94: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2868 ms, the end);
22361a4c.3294: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3239 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy