e54.10c: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 e54.10c: Calling main() e54.10c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 e54.10c: SUPR3HardenedMain: Respawn #1 e54.10c: System32: \Device\HarddiskVolume2\Windows\System32 e54.10c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs e54.10c: ProgDir: \Device\HarddiskVolume2\Program Files e54.10c: ComDir: \Device\HarddiskVolume2\Program Files\Common Files e54.10c: ProgDir32: \Device\HarddiskVolume2\Program Files (x86) e54.10c: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files e54.10c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports e54.10c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) e54.10c: supR3HardNtEnableThreadCreation: e54.10c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360 e54.10c: supR3HardenedWinDoReSpawn(1): New child 1900.1b10 [kernel32]. e54.10c: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd9000 cbPeb=0x380 e54.10c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077740000 uNtDllChildAddr=0000000077740000 e54.10c: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=000000007776bfa0 uNtTerminateThread=0000000077791360 e54.10c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360 e54.10c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd] e54.10c: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000002e0000 LB 0x1ab000 e54.10c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll e54.10c: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 0000000077520000 LB 0x11f000 e54.10c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll e54.10c: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdee0000 LB 0x6b000 e54.10c: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 15 ms e54.10c: supR3HardNtEnableThreadCreation: e54.10c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION e54.10c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 e54.10c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 e54.10c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 e54.10c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 e54.10c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 e54.10c: 0000000000041000-ffffffffffea1fff 0x0001/0x0000 0x0000000 e54.10c: *00000000001e0000-00000000000e3fff 0x0000/0x0004 0x0020000 e54.10c: 00000000002dc000-00000000002d8fff 0x0104/0x0004 0x0020000 e54.10c: 00000000002df000-00000000002ddfff 0x0004/0x0004 0x0020000 e54.10c: 00000000002e0000-ffffffff88e7ffff 0x0001/0x0000 0x0000000 e54.10c: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e54.10c: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e54.10c: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e54.10c: 0000000077872000-0000000077863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e54.10c: 0000000077880000-0000000077814fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll e54.10c: 00000000778eb000-00000000701f5fff 0x0001/0x0000 0x0000000 e54.10c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 e54.10c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 e54.10c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 e54.10c: 000000007fff0000-ffffffffc0aeffff 0x0001/0x0000 0x0000000 e54.10c: *000000013f4f0000-000000013f4eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe e54.10c: 000000013f4f1000-000000013f471fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe e54.10c: 000000013f570000-000000013f56efff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe e54.10c: 000000013f571000-000000013f539fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe e54.10c: 000000013f5a8000-000000013f59efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe e54.10c: 000000013f5b1000-000000013f577fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe e54.10c: 000000013f5ea000-fffff8037f173fff 0x0001/0x0000 0x0000000 e54.10c: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll e54.10c: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000 e54.10c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 e54.10c: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000 e54.10c: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000 e54.10c: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000 e54.10c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 e54.10c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 e54.10c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports e54.10c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) e54.10c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e54.10c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports e54.10c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) e54.10c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). e54.10c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1900.1b10: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 1900.1b10: Calling main() 1900.1b10: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1900.1b10: System32: \Device\HarddiskVolume2\Windows\System32 1900.1b10: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 1900.1b10: ProgDir: \Device\HarddiskVolume2\Program Files 1900.1b10: ComDir: \Device\HarddiskVolume2\Program Files\Common Files 1900.1b10: ProgDir32: \Device\HarddiskVolume2\Program Files (x86) 1900.1b10: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files 1900.1b10: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 11 sleeps 1900.1b10: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 1900.1b10: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000 1900.1b10: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 1900.1b10: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 1900.1b10: 0000000000041000-0000000000011fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000070000-fffffffffffeefff 0x0004/0x0004 0x0020000 1900.1b10: 00000000000f1000-0000000000071fff 0x0000/0x0004 0x0020000 1900.1b10: *0000000000170000-0000000000108fff 0x0002/0x0002 0x0040000 1900.1b10: 00000000001d7000-00000000001cdfff 0x0001/0x0000 0x0000000 1900.1b10: *00000000001e0000-00000000000e4fff 0x0000/0x0004 0x0020000 1900.1b10: 00000000002db000-00000000002d8fff 0x0104/0x0004 0x0020000 1900.1b10: 00000000002dd000-00000000002d9fff 0x0004/0x0004 0x0020000 1900.1b10: *00000000002e0000-0000000000133fff 0x0004/0x0004 0x0020000 1900.1b10: 000000000048c000-ffffffff893f7fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000077520000-000000007751efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 0000000077521000-0000000077485fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 00000000775bc000-000000007754dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 000000007762a000-0000000077627fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 000000007762c000-0000000077618fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 000000007763f000-000000007753dfff 0x0001/0x0000 0x0000000 1900.1b10: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077872000-0000000077870fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077873000-0000000077871fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077874000-0000000077872fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077875000-0000000077872fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077877000-0000000077875fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077878000-0000000077874fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 000000007787b000-0000000077878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 000000007787d000-000000007787bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 000000007787e000-000000007787bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077880000-0000000077814fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 00000000778eb000-00000000701f5fff 0x0001/0x0000 0x0000000 1900.1b10: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000 1900.1b10: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000 1900.1b10: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000 1900.1b10: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1900.1b10: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1900.1b10: 000000007fff0000-ffffffffc0aeffff 0x0001/0x0000 0x0000000 1900.1b10: *000000013f4f0000-000000013f4eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f4f1000-000000013f471fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f570000-000000013f56efff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f571000-000000013f539fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5a8000-000000013f59efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5b1000-000000013f577fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5ea000-fffff80380cf3fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fefdee0000-000007fefdedefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdee1000-000007fefde96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf2b000-000007fefdf15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf40000-000007fefdf3dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf42000-000007fefdf38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf4b000-000007fefc435fff 0x0001/0x0000 0x0000000 1900.1b10: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 1900.1b10: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 1900.1b10: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000 1900.1b10: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 1900.1b10: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 1900.1b10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1900.1b10: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1900.1b10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1900.1b10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1900.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1900.1b10: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY 1900.1b10: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000 1900.1b10: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 1900.1b10: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 1900.1b10: 0000000000041000-0000000000011fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000070000-fffffffffff6ffff 0x0004/0x0004 0x0020000 1900.1b10: *0000000000170000-0000000000108fff 0x0002/0x0002 0x0040000 1900.1b10: 00000000001d7000-00000000001cdfff 0x0001/0x0000 0x0000000 1900.1b10: *00000000001e0000-00000000000e5fff 0x0000/0x0004 0x0020000 1900.1b10: 00000000002da000-00000000002d7fff 0x0104/0x0004 0x0020000 1900.1b10: 00000000002dc000-00000000002d7fff 0x0004/0x0004 0x0020000 1900.1b10: *00000000002e0000-0000000000133fff 0x0004/0x0004 0x0020000 1900.1b10: 000000000048c000-0000000000487fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000490000-0000000000393fff 0x0004/0x0004 0x0020000 1900.1b10: 000000000058c000-0000000000587fff 0x0000/0x0004 0x0020000 1900.1b10: *0000000000590000-0000000000512fff 0x0004/0x0004 0x0020000 1900.1b10: 000000000060d000-0000000000489fff 0x0000/0x0004 0x0020000 1900.1b10: *0000000000790000-000000000066ffff 0x0004/0x0004 0x0020000 1900.1b10: 00000000008b0000-ffffffff89c3ffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000077520000-000000007751efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 0000000077521000-0000000077485fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 00000000775bc000-000000007754dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 000000007762a000-0000000077627fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 000000007762c000-0000000077618fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: 000000007763f000-000000007753dfff 0x0001/0x0000 0x0000000 1900.1b10: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077872000-0000000077870fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077873000-0000000077871fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077874000-0000000077872fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077875000-0000000077872fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077877000-0000000077875fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077878000-0000000077874fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 000000007787b000-0000000077878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 000000007787d000-000000007787bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 000000007787e000-000000007787bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077880000-0000000077814fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 00000000778eb000-00000000778e5fff 0x0001/0x0000 0x0000000 1900.1b10: *00000000778f0000-00000000778eefff 0x0004/0x0004 0x0020000 1900.1b10: 00000000778f1000-0000000070201fff 0x0001/0x0000 0x0000000 1900.1b10: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000 1900.1b10: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000 1900.1b10: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000 1900.1b10: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1900.1b10: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1900.1b10: 000000007fff0000-ffffffffc0aeffff 0x0001/0x0000 0x0000000 1900.1b10: *000000013f4f0000-000000013f4eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f4f1000-000000013f470fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f571000-000000013f539fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5a8000-000000013f59efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5b1000-000000013f577fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5ea000-fffff80380cf3fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fefdee0000-000007fefdedefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdee1000-000007fefde96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf2b000-000007fefdf15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf40000-000007fefdf3dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf42000-000007fefdf38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: 000007fefdf4b000-000007fefc435fff 0x0001/0x0000 0x0000000 1900.1b10: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 1900.1b10: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 1900.1b10: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000 1900.1b10: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 1900.1b10: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 1900.1b10: SUPR3HardenedMain: Respawn #2 1900.1b10: supR3HardNtEnableThreadCreation: 1900.1b10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000: 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 1900.1b10: \Device\HarddiskVolume2\Windows\System32\apphelp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1900.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 1900.1b10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1900.1b10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\apphelp.dll' 1900.1b10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360 1900.1b10: supR3HardenedWinDoReSpawn(2): New child 19b4.1b7c [kernel32]. 1900.1b10: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd7000 cbPeb=0x380 1900.1b10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077740000 uNtDllChildAddr=0000000077740000 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=000000007776bfa0 uNtTerminateThread=0000000077791360 1900.1b10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007776bfa0 pvNtTerminateThread=0000000077791360 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 1900.1b10: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 1900.1b10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 1900.1b10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd] 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 0000000000240000 LB 0x1ab000 1900.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 0000000077520000 LB 0x11f000 1900.1b10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 1900.1b10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdee0000 LB 0x6b000 1900.1b10: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 31 ms 1900.1b10: supR3HardNtEnableThreadCreation: 1900.1b10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1900.1b10: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 1900.1b10: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 1900.1b10: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 1900.1b10: 0000000000041000-fffffffffff41fff 0x0001/0x0000 0x0000000 1900.1b10: *0000000000140000-0000000000043fff 0x0000/0x0004 0x0020000 1900.1b10: 000000000023c000-0000000000238fff 0x0104/0x0004 0x0020000 1900.1b10: 000000000023f000-000000000023dfff 0x0004/0x0004 0x0020000 1900.1b10: 0000000000240000-ffffffff88d3ffff 0x0001/0x0000 0x0000000 1900.1b10: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077872000-0000000077863fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 0000000077880000-0000000077814fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 1900.1b10: 00000000778eb000-00000000701f5fff 0x0001/0x0000 0x0000000 1900.1b10: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 1900.1b10: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 1900.1b10: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 1900.1b10: 000000007fff0000-ffffffffc0aeffff 0x0001/0x0000 0x0000000 1900.1b10: *000000013f4f0000-000000013f4eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f4f1000-000000013f471fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f570000-000000013f56efff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f571000-000000013f539fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5a8000-000000013f59efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5b1000-000000013f577fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 1900.1b10: 000000013f5ea000-fffff8037f173fff 0x0001/0x0000 0x0000000 1900.1b10: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 1900.1b10: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 1900.1b10: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000 1900.1b10: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000 1900.1b10: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 1900.1b10: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 19b4.1b7c: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 19b4.1b7c: Calling main() 19b4.1b7c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 19b4.1b7c: System32: \Device\HarddiskVolume2\Windows\System32 19b4.1b7c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 19b4.1b7c: ProgDir: \Device\HarddiskVolume2\Program Files 19b4.1b7c: ComDir: \Device\HarddiskVolume2\Program Files\Common Files 19b4.1b7c: ProgDir32: \Device\HarddiskVolume2\Program Files (x86) 19b4.1b7c: ComDir32: \Device\HarddiskVolume2\Program Files (x86)\Common Files 19b4.1b7c: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 11 sleeps 19b4.1b7c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 19b4.1b7c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000 19b4.1b7c: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 19b4.1b7c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 19b4.1b7c: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000050000-fffffffffffe8fff 0x0002/0x0002 0x0040000 19b4.1b7c: 00000000000b7000-000000000002dfff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000140000-0000000000044fff 0x0000/0x0004 0x0020000 19b4.1b7c: 000000000023b000-0000000000238fff 0x0104/0x0004 0x0020000 19b4.1b7c: 000000000023d000-0000000000239fff 0x0004/0x0004 0x0020000 19b4.1b7c: 0000000000240000-000000000022ffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000250000-00000000001cefff 0x0004/0x0004 0x0020000 19b4.1b7c: 00000000002d1000-0000000000251fff 0x0000/0x0004 0x0020000 19b4.1b7c: *0000000000350000-00000000001a3fff 0x0004/0x0004 0x0020000 19b4.1b7c: 00000000004fc000-ffffffff894d7fff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000077520000-000000007751efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 0000000077521000-0000000077485fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 00000000775bc000-000000007754dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 000000007762a000-0000000077627fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 000000007762c000-0000000077618fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 000000007763f000-000000007753dfff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077872000-0000000077870fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077873000-0000000077871fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077874000-0000000077872fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077875000-0000000077872fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077877000-0000000077875fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077878000-0000000077874fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 000000007787b000-0000000077878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 000000007787d000-000000007787bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 000000007787e000-000000007787bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077880000-0000000077814fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 00000000778eb000-00000000701f5fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000 19b4.1b7c: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000 19b4.1b7c: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000 19b4.1b7c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 19b4.1b7c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 19b4.1b7c: 000000007fff0000-ffffffffc0aeffff 0x0001/0x0000 0x0000000 19b4.1b7c: *000000013f4f0000-000000013f4eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f4f1000-000000013f471fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f570000-000000013f56efff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f571000-000000013f539fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f5a8000-000000013f59efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f5b1000-000000013f577fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f5ea000-fffff80380cf3fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fefdee0000-000007fefdedefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdee1000-000007fefde96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf2b000-000007fefdf15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf40000-000007fefdf3dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf42000-000007fefdf38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf4b000-000007fefc435fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 19b4.1b7c: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 19b4.1b7c: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000 19b4.1b7c: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 19b4.1b7c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 19b4.1b7c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\apisetschema.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 19b4.1b7c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 19b4.1b7c: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY 19b4.1b7c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000 19b4.1b7c: 0000000000020000-000000000000ffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 19b4.1b7c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 19b4.1b7c: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000050000-fffffffffffe8fff 0x0002/0x0002 0x0040000 19b4.1b7c: 00000000000b7000-000000000002dfff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000140000-0000000000045fff 0x0000/0x0004 0x0020000 19b4.1b7c: 000000000023a000-0000000000237fff 0x0104/0x0004 0x0020000 19b4.1b7c: 000000000023c000-0000000000237fff 0x0004/0x0004 0x0020000 19b4.1b7c: 0000000000240000-000000000022ffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000250000-000000000014ffff 0x0004/0x0004 0x0020000 19b4.1b7c: *0000000000350000-00000000001a3fff 0x0004/0x0004 0x0020000 19b4.1b7c: 00000000004fc000-00000000004f7fff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000000500000-0000000000403fff 0x0004/0x0004 0x0020000 19b4.1b7c: 00000000005fc000-00000000005f7fff 0x0000/0x0004 0x0020000 19b4.1b7c: *0000000000600000-0000000000582fff 0x0004/0x0004 0x0020000 19b4.1b7c: 000000000067d000-00000000004f9fff 0x0000/0x0004 0x0020000 19b4.1b7c: *0000000000800000-00000000006dffff 0x0004/0x0004 0x0020000 19b4.1b7c: 0000000000920000-ffffffff89d1ffff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000077520000-000000007751efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 0000000077521000-0000000077485fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 00000000775bc000-000000007754dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 000000007762a000-0000000077627fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 000000007762c000-0000000077618fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: 000000007763f000-000000007753dfff 0x0001/0x0000 0x0000000 19b4.1b7c: *0000000077740000-000000007773efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077741000-000000007763efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077843000-0000000077813fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077872000-0000000077870fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077873000-0000000077871fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077874000-0000000077872fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077875000-0000000077872fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077877000-0000000077875fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077878000-0000000077874fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 000000007787b000-0000000077878fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 000000007787d000-000000007787bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 000000007787e000-000000007787bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 0000000077880000-0000000077814fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 19b4.1b7c: 00000000778eb000-00000000778e5fff 0x0001/0x0000 0x0000000 19b4.1b7c: *00000000778f0000-00000000778eefff 0x0004/0x0004 0x0020000 19b4.1b7c: 00000000778f1000-0000000070201fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000 19b4.1b7c: 000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000 19b4.1b7c: *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000 19b4.1b7c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 19b4.1b7c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 19b4.1b7c: 000000007fff0000-ffffffffc0aeffff 0x0001/0x0000 0x0000000 19b4.1b7c: *000000013f4f0000-000000013f4eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f4f1000-000000013f470fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f571000-000000013f539fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f5a8000-000000013f59efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f5b1000-000000013f577fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 19b4.1b7c: 000000013f5ea000-fffff80380cf3fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fefdee0000-000007fefdedefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdee1000-000007fefde96fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf2b000-000007fefdf15fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf40000-000007fefdf3dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf42000-000007fefdf38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 19b4.1b7c: 000007fefdf4b000-000007fefc435fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007feffa60000-000007feffa5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 19b4.1b7c: 000007feffa61000-000007fdff511fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 19b4.1b7c: 000007fffffd3000-000007fffffcefff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fffffd7000-000007fffffd5fff 0x0004/0x0004 0x0020000 19b4.1b7c: 000007fffffd8000-000007fffffd1fff 0x0001/0x0000 0x0000000 19b4.1b7c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 19b4.1b7c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 19b4.1b7c: SUPR3HardenedMain: Final process, opening VBoxDrv... 19b4.1b7c: supR3HardNtEnableThreadCreation: 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000005fbf80:C:\Windows\system32 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb570000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=00000000002c6580:C:\Windows\system32 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\Wintrust.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTSP.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\rsaenh.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\advapi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\sechost.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\Windows\system32\CRYPTBASE.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdad0000 'C:\Windows\system32\CRYPTBASE.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=kernel32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\Windows\system32\kernel32.dll' [rcNt=0xc0150008] 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077520000 'C:\Windows\system32\kernel32.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'WINTRUST.DLL' -> 'C:\Windows\system32\WINTRUST.DLL' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\WINTRUST.DLL' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\CRYPT32.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=imagehlp.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'imagehlp.dll' -> 'C:\Windows\system32\imagehlp.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb90000 'C:\Windows\system32\imagehlp.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\Windows\system32\CRYPTSP.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTSP.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=USER32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'USER32.dll' -> 'C:\Windows\system32\USER32.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\user32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\user32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gdi32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\lpk.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\usp10.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=gdi32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\Windows\system32\gdi32.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe2c0000 'C:\Windows\system32\gdi32.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\imm32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\msctf.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\Windows\system32\IMM32.DLL' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077640000 'C:\Windows\system32\USER32.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=ncrypt.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'ncrypt.dll' -> 'C:\Windows\system32\ncrypt.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ncrypt.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\bcryptprimitives.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=bcrypt.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'bcrypt.dll' -> 'C:\Windows\system32\bcrypt.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5c0000 'C:\Windows\system32\bcrypt.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=USERENV.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'USERENV.dll' -> 'C:\Windows\system32\USERENV.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\userenv.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\profapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\Windows\system32\USERENV.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=GPAPI.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'GPAPI.dll' -> 'C:\Windows\system32\GPAPI.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\gpapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefced0000 'C:\Windows\system32\GPAPI.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-Management-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=rpcrt4.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\Windows\system32\rpcrt4.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe190000 'C:\Windows\system32\rpcrt4.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-Management-L2-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll *pfFlags=0x2 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=SHLWAPI.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'SHLWAPI.dll' -> 'C:\Windows\system32\SHLWAPI.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe860000 'C:\Windows\system32\SHLWAPI.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=profapi.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'profapi.dll' -> 'C:\Windows\system32\profapi.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdba0000 'C:\Windows\system32\profapi.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=setupapi.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'setupapi.dll' -> 'C:\Windows\system32\setupapi.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\setupapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devobj.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ole32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077520000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe410000 'C:\Windows\system32\setupapi.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=Cabinet.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'Cabinet.dll' -> 'C:\Windows\system32\Cabinet.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\cabinet.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5f0000 'C:\Windows\system32\Cabinet.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=DEVRTL.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'DEVRTL.dll' -> 'C:\Windows\system32\DEVRTL.dll' [rcNt=0xc0150008] 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\devrtl.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf10000 'C:\Windows\system32\DEVRTL.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=cryptnet.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\Windows\system32\cryptnet.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1b0000 'C:\Windows\system32\cryptnet.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=866DDB003158E58EECBEE1A3E2C950A8A69F5DD3 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-Management-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\Windows\system32\ADVAPI32.dll' [rcNt=0xc0150008] 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ADVAPI32.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe050000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_9_for_KB2582203~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\SystemRoot\System32\ntdll.dll' 19b4.1b7c: g_pfnWinVerifyTrust=000007fefde01010 19b4.1b7c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=182E6F79914D49DF28459DA814876FC993B84468 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2615174~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 19b4.1b7c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBD5D88D100825A4A22743B0FD6EF53BF9B657CA 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=53E7F399C252FCB2432CF12AE186607A29B05C3B 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2545479~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2552343~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61D2F3383797A6102BF0451CEA866AA3B25A1E3F 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2619914~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2874423413B01B4F590C81C426758DC75648AC1 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2641618~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE6BC64AA0324B995BE4547BD6D73C4E25E26059 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2619880~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FEBF1852D192776129DE4710CB4532A2C68E6045 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2600484~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6346E2270FAE938CFE988BBF7992CC2F16FDD115 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2785220~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6B384589D138616B3DBEAC42A8B650E961A30F8B 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2617157~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3B6C4900AF128307B7F404C8B87D9E7709B2275 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2618517~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=517060B6F77D7CE521D25C74F1334F818E554241 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2616332~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=017D6732BF3C5BA133FC116F57D20B4FF549E1D9 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_225_for_KB2627489~31bf3856ad364e35~amd64~~6.1.3.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0A0F84DD55507C56A273E145872B7ECBEDE3F5 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8B34FD6019C12A3AD997917482F677B142DEDBE 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2790113~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000010c pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=462905914EA6B14B14AC7D6F2E4FC7460F1297EB 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2616386~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0911C2AAF9631336FC8A74BC5D44A9932CBD6D3 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2616386~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000fc pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57F023F98C5CD166C8F956C91DEF2FA6CFDCA2E9 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2480994~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d0 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BF1CEBFCCC91A69A101A3E89AA84F6578572A78 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_63_for_KB2619234~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=000000000033efc0:C:\Windows\system32 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\crypt32.dll' 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 19b4.1b7c: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com 19b4.1b7c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=18 19b4.1b7c: SUPR3HardenedMain: Load Runtime... 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c68c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\nsi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000002c5ac0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef38d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=00000000005ffc70:C:\Windows\system32 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde00000 'C:\Windows\system32\Wintrust.dll' 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000005ffc70:C:\Windows\system32 19b4.1b7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\crypt32.dll' 19b4.1b7c: SUPR3HardenedMain: Load TrustedMain... 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll *pfFlags=0x0 pwszSearchPath=00000000002c68c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winmm.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1784364C88AA0D688F77B5F155A237A9A5826F3F 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2538047~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAA26A59ACB8916CC8B81C3CCE996E7AD5930E20 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2691442~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\opengl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\ddraw.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\glu32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E828B863A516A49953338306D078BFA6CC3CA490 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2466493~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\winspool.drv: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=00BDDD44BABBCB727197D19CDB20F70547BD1958 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2542200~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000554 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: \Device\HarddiskVolume2\Windows\System32\dciman32.dll: Relaxing the TrustedInstaller requirement for this DLL (it's in system32). 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000550 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000034cfd0 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll' 19b4.1b7c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 19b4.1b7c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)WinVerifyTrust 19b4.1b7c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 19b4.1b7c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 19b4.1b7c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll 19b4.1b7c: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: Owner is not trusted installer (01 05 00 00 00 00 00 05 15 00 00 00 15 1a 7e 79 15 ff 30 e4 6a 96 d7 de e8 03 00 00) 19b4.1b7c: supHardenedWinVerifyImageByHandle: -> -5667 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll) 19b4.1b7c: Error (rc=0): 19b4.1b7c: supR3HardenedScreenImage/NtCreateSection: rc=Unknown Status -5667 (0xffffe9dd) fImage=1 fProtect=0xf fAccess=0x10 \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll: supHardenedWinVerifyImageByHandle: TrustedInstaller is not the owner of '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'. 19b4.1b7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' 19b4.1b7c: Fatal error: 19b4.1b7c: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790 1900.1b10: supR3HardenedWinDoReSpawn(2): Quitting: ExitCode=0x1 rcNt=0x0 e54.10c: supR3HardenedWinDoReSpawn(1): Quitting: ExitCode=0x1 rcNt=0x0