29c.12f4: Log file opened: 5.0.10r104061 g_hStartupLog=000000000000008c g_uNtVerCombined=0xa0295a00 29c.12f4: \SystemRoot\System32\ntdll.dll: 29c.12f4: CreationTime: 2015-10-30T07:18:03.534188700Z 29c.12f4: LastWriteTime: 2015-10-30T07:18:03.534188700Z 29c.12f4: ChangeTime: 2015-11-18T12:17:26.280542600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x1bba48 29c.12f4: NT Headers: 0xe0 29c.12f4: Timestamp: 0x5632d193 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x5632d193 29c.12f4: Image Version: 10.0 29c.12f4: SizeOfImage: 0x1c1000 (1839104) 29c.12f4: Resource Dir: 0x159000 LB 0x66210 29c.12f4: ProductName: Microsoft® Windows® Operating System 29c.12f4: ProductVersion: 10.0.10586.0 29c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 29c.12f4: FileDescription: NT Layer DLL 29c.12f4: \SystemRoot\System32\kernel32.dll: 29c.12f4: CreationTime: 2015-10-30T07:17:46.221743200Z 29c.12f4: LastWriteTime: 2015-10-30T07:17:46.221743200Z 29c.12f4: ChangeTime: 2015-11-18T12:17:25.968031300Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0xac430 29c.12f4: NT Headers: 0xf0 29c.12f4: Timestamp: 0x5632d5aa 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x5632d5aa 29c.12f4: Image Version: 10.0 29c.12f4: SizeOfImage: 0xad000 (708608) 29c.12f4: Resource Dir: 0xab000 LB 0x528 29c.12f4: ProductName: Microsoft® Windows® Operating System 29c.12f4: ProductVersion: 10.0.10586.0 29c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 29c.12f4: FileDescription: Windows NT BASE API Client DLL 29c.12f4: \SystemRoot\System32\KernelBase.dll: 29c.12f4: CreationTime: 2015-10-30T07:18:03.596688800Z 29c.12f4: LastWriteTime: 2015-10-30T07:18:03.596688800Z 29c.12f4: ChangeTime: 2015-11-18T12:17:25.999283300Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x1e7a08 29c.12f4: NT Headers: 0xf0 29c.12f4: Timestamp: 0x5632d1de 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x5632d1de 29c.12f4: Image Version: 10.0 29c.12f4: SizeOfImage: 0x1e8000 (1998848) 29c.12f4: 
Resource Dir: 0x1d1000 LB 0x540 29c.12f4: ProductName: Microsoft® Windows® Operating System 29c.12f4: ProductVersion: 10.0.10586.0 29c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 29c.12f4: FileDescription: Windows NT BASE API Client DLL 29c.12f4: \SystemRoot\System32\apisetschema.dll: 29c.12f4: CreationTime: 2015-10-30T07:17:57.502957900Z 29c.12f4: LastWriteTime: 2015-10-30T07:17:57.502957900Z 29c.12f4: ChangeTime: 2015-11-18T12:17:25.092999700Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x16d60 29c.12f4: NT Headers: 0xc8 29c.12f4: Timestamp: 0x5632d94c 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x5632d94c 29c.12f4: Image Version: 10.0 29c.12f4: SizeOfImage: 0x18000 (98304) 29c.12f4: Resource Dir: 0x17000 LB 0x400 29c.12f4: ProductName: Microsoft® Windows® Operating System 29c.12f4: ProductVersion: 10.0.10586.0 29c.12f4: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 29c.12f4: FileDescription: ApiSet Schema DLL 29c.12f4: supR3HardenedWinFindAdversaries: 0x100 29c.12f4: \SystemRoot\System32\drivers\avgrkx64.sys: 29c.12f4: CreationTime: 2015-03-20T10:18:18.000000000Z 29c.12f4: LastWriteTime: 2015-08-10T14:25:40.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0xa5b0 29c.12f4: NT Headers: 0xe8 29c.12f4: Timestamp: 0x55c8a651 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x55c8a651 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0xa000 (40960) 29c.12f4: Resource Dir: 0x9000 LB 0x4e4 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.0.0.7018 29c.12f4: FileVersion: 16.0.0.7018 29c.12f4: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG Anti-Rootkit Driver 29c.12f4: \SystemRoot\System32\drivers\avgmfx64.sys: 29c.12f4: CreationTime: 2015-10-21T15:15:02.000000000Z 29c.12f4: LastWriteTime: 
2015-10-21T15:15:02.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x3e5b0 29c.12f4: NT Headers: 0xe8 29c.12f4: Timestamp: 0x5627abf4 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x5627abf4 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0x3f000 (258048) 29c.12f4: Resource Dir: 0x3d000 LB 0x558 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.7.0.7225 29c.12f4: FileVersion: 16.7.0.7225 29c.12f4: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG Resident Shield Minifilter Driver 29c.12f4: \SystemRoot\System32\drivers\avgidsdrivera.sys: 29c.12f4: CreationTime: 2015-06-26T07:49:10.000000000Z 29c.12f4: LastWriteTime: 2015-10-19T07:03:24.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x4c9b0 29c.12f4: NT Headers: 0xe0 29c.12f4: Timestamp: 0x562495b9 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x562495b9 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0x53000 (339968) 29c.12f4: Resource Dir: 0x51000 LB 0x578 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.7.0.7222 29c.12f4: FileVersion: 16.7.0.7222 29c.12f4: SpecialBuild: AvCompile_2015_1019_084916(7222), SVNRev ae2258cc1e372062c071fabbc49d3ede375b871c (release/SmallUpdate2016-01_release), av, gbn 16.7.1.28104 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG IDS Application Activity Monitor Driver. 
29c.12f4: \SystemRoot\System32\drivers\avgidsha.sys: 29c.12f4: CreationTime: 2015-05-12T12:36:54.000000000Z 29c.12f4: LastWriteTime: 2015-08-20T12:58:04.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x48db0 29c.12f4: NT Headers: 0xd8 29c.12f4: Timestamp: 0x55d5c0c9 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x55d5c0c9 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0x49000 (299008) 29c.12f4: Resource Dir: 0x47000 LB 0x52c 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.1.0.7028 29c.12f4: FileVersion: 16.1.0.7028 29c.12f4: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG Application Activity Monitor Helper Driver 29c.12f4: \SystemRoot\System32\drivers\avgloga.sys: 29c.12f4: CreationTime: 2015-08-14T13:24:40.000000000Z 29c.12f4: LastWriteTime: 2015-08-14T13:24:40.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x613b0 29c.12f4: NT Headers: 0xe0 29c.12f4: Timestamp: 0x55cdde04 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x55cdde04 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0x62000 (401408) 29c.12f4: Resource Dir: 0x60000 LB 0x4d4 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.0.0.7023 29c.12f4: FileVersion: 16.0.0.7023 29c.12f4: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG Logging Driver 29c.12f4: \SystemRoot\System32\drivers\avgldx64.sys: 29c.12f4: CreationTime: 2015-10-21T15:16:48.000000000Z 29c.12f4: LastWriteTime: 2015-10-21T15:16:48.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x455b0 
29c.12f4: NT Headers: 0xd8 29c.12f4: Timestamp: 0x5627ac5c 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x5627ac5c 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0x46000 (286720) 29c.12f4: Resource Dir: 0x44000 LB 0x538 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.7.0.7225 29c.12f4: FileVersion: 16.7.0.7225 29c.12f4: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG AVI Loader Driver 29c.12f4: \SystemRoot\System32\drivers\avgdiska.sys: 29c.12f4: CreationTime: 2015-08-10T14:32:08.000000000Z 29c.12f4: LastWriteTime: 2015-08-10T14:32:08.000000000Z 29c.12f4: ChangeTime: 2015-11-18T12:52:22.602400600Z 29c.12f4: FileAttributes: 0x20 29c.12f4: Size: 0x301b0 29c.12f4: NT Headers: 0xe8 29c.12f4: Timestamp: 0x55c8a7d5 29c.12f4: Machine: 0x8664 - amd64 29c.12f4: Timestamp: 0x55c8a7d5 29c.12f4: Image Version: 6.2 29c.12f4: SizeOfImage: 0x31000 (200704) 29c.12f4: Resource Dir: 0x2f000 LB 0x4e0 29c.12f4: ProductName: AVG Internet Security 29c.12f4: ProductVersion: 16.0.0.7018 29c.12f4: FileVersion: 16.0.0.7018 29c.12f4: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av 29c.12f4: PrivateBuild: x64 Release_Unicode_DRIVER 29c.12f4: FileDescription: AVG File Vault Driver 29c.12f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 29c.12f4: Calling main() 29c.12f4: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 29c.12f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 29c.12f4: SUPR3HardenedMain: Respawn #1 29c.12f4: System32: \Device\HarddiskVolume2\Windows\System32 29c.12f4: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 29c.12f4: KnownDllPath: C:\WINDOWS\system32 29c.12f4: 
'\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 29c.12f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 29c.12f4: supR3HardNtEnableThreadCreation: 29c.12f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0 29c.12f4: supR3HardenedWinDoReSpawn(1): New child 3744.1e94 [kernel32]. 29c.12f4: supR3HardNtChildGatherData: PebBaseAddress=00000000002e7000 cbPeb=0x388 29c.12f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed0070000 uNtDllChildAddr=00007ffed0070000 29c.12f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed00e6a00 29c.12f4: supR3HardenedWinSetupChildInit: Start child. 29c.12f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 29c.12f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 58 sleeps 29c.12f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29c.12f4: VBoxHeadless.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS) 29c.12f4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 29c.12f4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 29c.12f4: supR3HardNtChildPurify: Done after 551 ms and 0 fixes (loop #0).
29c.12f4: supR3HardNtEnableThreadCreation: 3744.1e94: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0295a00 3744.1e94: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed0070000 3744.1e94: ntdll.dll: timestamp 0x5632d193 (rc=VINF_SUCCESS) 3744.1e94: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation) 3744.1e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3744.1e94: System32: \Device\HarddiskVolume2\Windows\System32 3744.1e94: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 3744.1e94: KnownDllPath: C:\WINDOWS\system32 3744.1e94: supR3HardenedVmProcessInit: Opening vboxdrv stub... 3744.1e94: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 3744.1e94: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3744.1e94: Registered Dll notification callback with NTDLL. 3744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 3744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 3744.1e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 3744.1e94: supR3HardenedDllNotificationCallback: load 00007ffecb400000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 3744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 3744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 3744.1e94: supR3HardenedDllNotificationCallback: load 00007ffeceb70000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 3744.1e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3744.1e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffeceb70000 'C:\WINDOWS\system32\KERNEL32.DLL' 3744.1e94: supR3HardenedDllNotificationCallback: load 00007ff724370000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 3744.1e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 3744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 3744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 3744.1e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0 29c.12f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 87 ms. 3744.1e94: \SystemRoot\System32\ntdll.dll: 3744.1e94: CreationTime: 2015-10-30T07:18:03.534188700Z 3744.1e94: LastWriteTime: 2015-10-30T07:18:03.534188700Z 3744.1e94: ChangeTime: 2015-11-18T12:17:26.280542600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x1bba48 3744.1e94: NT Headers: 0xe0 3744.1e94: Timestamp: 0x5632d193 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x5632d193 3744.1e94: Image Version: 10.0 3744.1e94: SizeOfImage: 0x1c1000 (1839104) 3744.1e94: Resource Dir: 0x159000 LB 0x66210 3744.1e94: ProductName: Microsoft® Windows® Operating System 3744.1e94: ProductVersion: 10.0.10586.0 3744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3744.1e94: FileDescription: NT Layer DLL 3744.1e94: \SystemRoot\System32\kernel32.dll: 3744.1e94: CreationTime: 2015-10-30T07:17:46.221743200Z 3744.1e94: LastWriteTime: 2015-10-30T07:17:46.221743200Z 3744.1e94: ChangeTime: 2015-11-18T12:17:25.968031300Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0xac430 3744.1e94: NT Headers: 0xf0 3744.1e94: Timestamp: 0x5632d5aa 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x5632d5aa 3744.1e94: Image Version: 10.0 3744.1e94: SizeOfImage: 0xad000 (708608) 3744.1e94: Resource Dir: 0xab000 LB 0x528 3744.1e94: 
ProductName: Microsoft® Windows® Operating System 3744.1e94: ProductVersion: 10.0.10586.0 3744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3744.1e94: FileDescription: Windows NT BASE API Client DLL 3744.1e94: \SystemRoot\System32\KernelBase.dll: 3744.1e94: CreationTime: 2015-10-30T07:18:03.596688800Z 3744.1e94: LastWriteTime: 2015-10-30T07:18:03.596688800Z 3744.1e94: ChangeTime: 2015-11-18T12:17:25.999283300Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x1e7a08 3744.1e94: NT Headers: 0xf0 3744.1e94: Timestamp: 0x5632d1de 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x5632d1de 3744.1e94: Image Version: 10.0 3744.1e94: SizeOfImage: 0x1e8000 (1998848) 3744.1e94: Resource Dir: 0x1d1000 LB 0x540 3744.1e94: ProductName: Microsoft® Windows® Operating System 3744.1e94: ProductVersion: 10.0.10586.0 3744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3744.1e94: FileDescription: Windows NT BASE API Client DLL 3744.1e94: \SystemRoot\System32\apisetschema.dll: 3744.1e94: CreationTime: 2015-10-30T07:17:57.502957900Z 3744.1e94: LastWriteTime: 2015-10-30T07:17:57.502957900Z 3744.1e94: ChangeTime: 2015-11-18T12:17:25.092999700Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x16d60 3744.1e94: NT Headers: 0xc8 3744.1e94: Timestamp: 0x5632d94c 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x5632d94c 3744.1e94: Image Version: 10.0 3744.1e94: SizeOfImage: 0x18000 (98304) 3744.1e94: Resource Dir: 0x17000 LB 0x400 3744.1e94: ProductName: Microsoft® Windows® Operating System 3744.1e94: ProductVersion: 10.0.10586.0 3744.1e94: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3744.1e94: FileDescription: ApiSet Schema DLL 3744.1e94: supR3HardenedWinFindAdversaries: 0x100 3744.1e94: \SystemRoot\System32\drivers\avgrkx64.sys: 3744.1e94: CreationTime: 2015-03-20T10:18:18.000000000Z 3744.1e94: LastWriteTime: 2015-08-10T14:25:40.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 
0xa5b0 3744.1e94: NT Headers: 0xe8 3744.1e94: Timestamp: 0x55c8a651 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x55c8a651 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0xa000 (40960) 3744.1e94: Resource Dir: 0x9000 LB 0x4e4 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.0.0.7018 3744.1e94: FileVersion: 16.0.0.7018 3744.1e94: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG Anti-Rootkit Driver 3744.1e94: \SystemRoot\System32\drivers\avgmfx64.sys: 3744.1e94: CreationTime: 2015-10-21T15:15:02.000000000Z 3744.1e94: LastWriteTime: 2015-10-21T15:15:02.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x3e5b0 3744.1e94: NT Headers: 0xe8 3744.1e94: Timestamp: 0x5627abf4 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x5627abf4 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0x3f000 (258048) 3744.1e94: Resource Dir: 0x3d000 LB 0x558 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.7.0.7225 3744.1e94: FileVersion: 16.7.0.7225 3744.1e94: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG Resident Shield Minifilter Driver 3744.1e94: \SystemRoot\System32\drivers\avgidsdrivera.sys: 3744.1e94: CreationTime: 2015-06-26T07:49:10.000000000Z 3744.1e94: LastWriteTime: 2015-10-19T07:03:24.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x4c9b0 3744.1e94: NT Headers: 0xe0 3744.1e94: Timestamp: 0x562495b9 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x562495b9 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0x53000 
(339968) 3744.1e94: Resource Dir: 0x51000 LB 0x578 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.7.0.7222 3744.1e94: FileVersion: 16.7.0.7222 3744.1e94: SpecialBuild: AvCompile_2015_1019_084916(7222), SVNRev ae2258cc1e372062c071fabbc49d3ede375b871c (release/SmallUpdate2016-01_release), av, gbn 16.7.1.28104 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG IDS Application Activity Monitor Driver. 3744.1e94: \SystemRoot\System32\drivers\avgidsha.sys: 3744.1e94: CreationTime: 2015-05-12T12:36:54.000000000Z 3744.1e94: LastWriteTime: 2015-08-20T12:58:04.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x48db0 3744.1e94: NT Headers: 0xd8 3744.1e94: Timestamp: 0x55d5c0c9 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x55d5c0c9 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0x49000 (299008) 3744.1e94: Resource Dir: 0x47000 LB 0x52c 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.1.0.7028 3744.1e94: FileVersion: 16.1.0.7028 3744.1e94: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG Application Activity Monitor Helper Driver 3744.1e94: \SystemRoot\System32\drivers\avgloga.sys: 3744.1e94: CreationTime: 2015-08-14T13:24:40.000000000Z 3744.1e94: LastWriteTime: 2015-08-14T13:24:40.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x613b0 3744.1e94: NT Headers: 0xe0 3744.1e94: Timestamp: 0x55cdde04 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x55cdde04 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0x62000 (401408) 3744.1e94: Resource Dir: 0x60000 LB 0x4d4 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.0.0.7023 3744.1e94: FileVersion: 
16.0.0.7023 3744.1e94: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG Logging Driver 3744.1e94: \SystemRoot\System32\drivers\avgldx64.sys: 3744.1e94: CreationTime: 2015-10-21T15:16:48.000000000Z 3744.1e94: LastWriteTime: 2015-10-21T15:16:48.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x455b0 3744.1e94: NT Headers: 0xd8 3744.1e94: Timestamp: 0x5627ac5c 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x5627ac5c 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0x46000 (286720) 3744.1e94: Resource Dir: 0x44000 LB 0x538 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.7.0.7225 3744.1e94: FileVersion: 16.7.0.7225 3744.1e94: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG AVI Loader Driver 3744.1e94: \SystemRoot\System32\drivers\avgdiska.sys: 3744.1e94: CreationTime: 2015-08-10T14:32:08.000000000Z 3744.1e94: LastWriteTime: 2015-08-10T14:32:08.000000000Z 3744.1e94: ChangeTime: 2015-11-18T12:52:22.602400600Z 3744.1e94: FileAttributes: 0x20 3744.1e94: Size: 0x301b0 3744.1e94: NT Headers: 0xe8 3744.1e94: Timestamp: 0x55c8a7d5 3744.1e94: Machine: 0x8664 - amd64 3744.1e94: Timestamp: 0x55c8a7d5 3744.1e94: Image Version: 6.2 3744.1e94: SizeOfImage: 0x31000 (200704) 3744.1e94: Resource Dir: 0x2f000 LB 0x4e0 3744.1e94: ProductName: AVG Internet Security 3744.1e94: ProductVersion: 16.0.0.7018 3744.1e94: FileVersion: 16.0.0.7018 3744.1e94: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av 3744.1e94: PrivateBuild: x64 Release_Unicode_DRIVER 3744.1e94: FileDescription: AVG File Vault 
Driver 3744.1e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3744.1e94: Calling main() 3744.1e94: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 3744.1e94: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3744.1e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 3744.1e94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 3744.1e94: SUPR3HardenedMain: Respawn #2 3744.1e94: supR3HardNtEnableThreadCreation: 3744.1e94: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 3744.1e94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 3744.1e94: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 3744.1e94: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 3744.1e94: supR3HardenedDllNotificationCallback: load 00007ffec9b10000 LB 0x00079000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 3744.1e94: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 3744.1e94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec9b10000 'C:\WINDOWS\system32\apphelp.dll' 3744.1e94: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0 3744.1e94: supR3HardenedWinDoReSpawn(2): New child 3638.c8 [kernel32]. 
3744.1e94: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 3744.1e94: supR3HardNtChildGatherData: PebBaseAddress=0000000000201000 cbPeb=0x388 3744.1e94: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed0070000 uNtDllChildAddr=00007ffed0070000 3744.1e94: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed00e6a00 3744.1e94: supR3HardenedWinSetupChildInit: Start child. 3744.1e94: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 3744.1e94: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps 3744.1e94: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3744.1e94: VBoxHeadless.exe: timestamp 0x564221d3 (rc=VINF_SUCCESS) 3744.1e94: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 3744.1e94: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 3744.1e94: supR3HardNtChildPurify: Done after 557 ms and 0 fixes (loop #0). 3638.c8: Log file opened: 5.0.10r104061 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0295a00 3638.c8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed0070000 3744.1e94: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000) 3744.1e94: supR3HardNtEnableThreadCreation: 3638.c8: ntdll.dll: timestamp 0x5632d193 (rc=VINF_SUCCESS) 3638.c8: New simple heap: #1 0000000000500000 LB 0x400000 (for 1839104 allocation) 3638.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3638.c8: System32: \Device\HarddiskVolume2\Windows\System32 3638.c8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 3638.c8: KnownDllPath: C:\WINDOWS\system32 3638.c8: supR3HardenedVmProcessInit: Opening vboxdrv... 3638.c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3638.c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 3638.c8: Registered Dll notification callback with NTDLL. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb400000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffeceb70000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeceb70000 'C:\WINDOWS\system32\KERNEL32.DLL' 3638.c8: supR3HardenedDllNotificationCallback: load 00007ff724370000 LB 0x0012c000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 3638.c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 3638.c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed00e6a00 pvNtTerminateThread=00007ffed01157a0 3744.1e94: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 94 ms. 
3638.c8: \SystemRoot\System32\ntdll.dll: 3638.c8: CreationTime: 2015-10-30T07:18:03.534188700Z 3638.c8: LastWriteTime: 2015-10-30T07:18:03.534188700Z 3638.c8: ChangeTime: 2015-11-18T12:17:26.280542600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x1bba48 3638.c8: NT Headers: 0xe0 3638.c8: Timestamp: 0x5632d193 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x5632d193 3638.c8: Image Version: 10.0 3638.c8: SizeOfImage: 0x1c1000 (1839104) 3638.c8: Resource Dir: 0x159000 LB 0x66210 3638.c8: ProductName: Microsoft® Windows® Operating System 3638.c8: ProductVersion: 10.0.10586.0 3638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3638.c8: FileDescription: NT Layer DLL 3638.c8: \SystemRoot\System32\kernel32.dll: 3638.c8: CreationTime: 2015-10-30T07:17:46.221743200Z 3638.c8: LastWriteTime: 2015-10-30T07:17:46.221743200Z 3638.c8: ChangeTime: 2015-11-18T12:17:25.968031300Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0xac430 3638.c8: NT Headers: 0xf0 3638.c8: Timestamp: 0x5632d5aa 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x5632d5aa 3638.c8: Image Version: 10.0 3638.c8: SizeOfImage: 0xad000 (708608) 3638.c8: Resource Dir: 0xab000 LB 0x528 3638.c8: ProductName: Microsoft® Windows® Operating System 3638.c8: ProductVersion: 10.0.10586.0 3638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3638.c8: FileDescription: Windows NT BASE API Client DLL 3638.c8: \SystemRoot\System32\KernelBase.dll: 3638.c8: CreationTime: 2015-10-30T07:18:03.596688800Z 3638.c8: LastWriteTime: 2015-10-30T07:18:03.596688800Z 3638.c8: ChangeTime: 2015-11-18T12:17:25.999283300Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x1e7a08 3638.c8: NT Headers: 0xf0 3638.c8: Timestamp: 0x5632d1de 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x5632d1de 3638.c8: Image Version: 10.0 3638.c8: SizeOfImage: 0x1e8000 (1998848) 3638.c8: Resource Dir: 0x1d1000 LB 0x540 3638.c8: ProductName: Microsoft® Windows® Operating System 3638.c8: ProductVersion: 10.0.10586.0 3638.c8: 
FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3638.c8: FileDescription: Windows NT BASE API Client DLL 3638.c8: \SystemRoot\System32\apisetschema.dll: 3638.c8: CreationTime: 2015-10-30T07:17:57.502957900Z 3638.c8: LastWriteTime: 2015-10-30T07:17:57.502957900Z 3638.c8: ChangeTime: 2015-11-18T12:17:25.092999700Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x16d60 3638.c8: NT Headers: 0xc8 3638.c8: Timestamp: 0x5632d94c 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x5632d94c 3638.c8: Image Version: 10.0 3638.c8: SizeOfImage: 0x18000 (98304) 3638.c8: Resource Dir: 0x17000 LB 0x400 3638.c8: ProductName: Microsoft® Windows® Operating System 3638.c8: ProductVersion: 10.0.10586.0 3638.c8: FileVersion: 10.0.10586.0 (th2_release.151029-1700) 3638.c8: FileDescription: ApiSet Schema DLL 3638.c8: supR3HardenedWinFindAdversaries: 0x100 3638.c8: \SystemRoot\System32\drivers\avgrkx64.sys: 3638.c8: CreationTime: 2015-03-20T10:18:18.000000000Z 3638.c8: LastWriteTime: 2015-08-10T14:25:40.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0xa5b0 3638.c8: NT Headers: 0xe8 3638.c8: Timestamp: 0x55c8a651 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x55c8a651 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0xa000 (40960) 3638.c8: Resource Dir: 0x9000 LB 0x4e4 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.0.0.7018 3638.c8: FileVersion: 16.0.0.7018 3638.c8: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG Anti-Rootkit Driver 3638.c8: \SystemRoot\System32\drivers\avgmfx64.sys: 3638.c8: CreationTime: 2015-10-21T15:15:02.000000000Z 3638.c8: LastWriteTime: 2015-10-21T15:15:02.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x3e5b0 3638.c8: NT Headers: 0xe8 3638.c8: Timestamp: 0x5627abf4 
3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x5627abf4 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0x3f000 (258048) 3638.c8: Resource Dir: 0x3d000 LB 0x558 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.7.0.7225 3638.c8: FileVersion: 16.7.0.7225 3638.c8: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG Resident Shield Minifilter Driver 3638.c8: \SystemRoot\System32\drivers\avgidsdrivera.sys: 3638.c8: CreationTime: 2015-06-26T07:49:10.000000000Z 3638.c8: LastWriteTime: 2015-10-19T07:03:24.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x4c9b0 3638.c8: NT Headers: 0xe0 3638.c8: Timestamp: 0x562495b9 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x562495b9 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0x53000 (339968) 3638.c8: Resource Dir: 0x51000 LB 0x578 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.7.0.7222 3638.c8: FileVersion: 16.7.0.7222 3638.c8: SpecialBuild: AvCompile_2015_1019_084916(7222), SVNRev ae2258cc1e372062c071fabbc49d3ede375b871c (release/SmallUpdate2016-01_release), av, gbn 16.7.1.28104 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG IDS Application Activity Monitor Driver. 
3638.c8: \SystemRoot\System32\drivers\avgidsha.sys: 3638.c8: CreationTime: 2015-05-12T12:36:54.000000000Z 3638.c8: LastWriteTime: 2015-08-20T12:58:04.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x48db0 3638.c8: NT Headers: 0xd8 3638.c8: Timestamp: 0x55d5c0c9 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x55d5c0c9 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0x49000 (299008) 3638.c8: Resource Dir: 0x47000 LB 0x52c 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.1.0.7028 3638.c8: FileVersion: 16.1.0.7028 3638.c8: SpecialBuild: AvCompile_2015_0820_135459(7028), SVNRev f4234d401b085a2f130f926a678ec233158e4b7d (release/AVG2016_beta1), av 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG Application Activity Monitor Helper Driver 3638.c8: \SystemRoot\System32\drivers\avgloga.sys: 3638.c8: CreationTime: 2015-08-14T13:24:40.000000000Z 3638.c8: LastWriteTime: 2015-08-14T13:24:40.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x613b0 3638.c8: NT Headers: 0xe0 3638.c8: Timestamp: 0x55cdde04 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x55cdde04 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0x62000 (401408) 3638.c8: Resource Dir: 0x60000 LB 0x4d4 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.0.0.7023 3638.c8: FileVersion: 16.0.0.7023 3638.c8: SpecialBuild: AvCompile_2015_0814_141417(7023), SVNRev 3f0381b1756dd093311a0a028b8a3dbdd65d1ea3 (av/devel), av 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG Logging Driver 3638.c8: \SystemRoot\System32\drivers\avgldx64.sys: 3638.c8: CreationTime: 2015-10-21T15:16:48.000000000Z 3638.c8: LastWriteTime: 2015-10-21T15:16:48.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x455b0 3638.c8: NT Headers: 0xd8 3638.c8: Timestamp: 
0x5627ac5c 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x5627ac5c 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0x46000 (286720) 3638.c8: Resource Dir: 0x44000 LB 0x538 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.7.0.7225 3638.c8: FileVersion: 16.7.0.7225 3638.c8: SpecialBuild: AvCompile_2015_1021_170455(7225), SVNRev 7c855447f1a8108ea241fa3c579387fa3a34c4a1 (release/SmallUpdate2016-01_release), av, gbn 16.7.1.29462 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG AVI Loader Driver 3638.c8: \SystemRoot\System32\drivers\avgdiska.sys: 3638.c8: CreationTime: 2015-08-10T14:32:08.000000000Z 3638.c8: LastWriteTime: 2015-08-10T14:32:08.000000000Z 3638.c8: ChangeTime: 2015-11-18T12:52:22.602400600Z 3638.c8: FileAttributes: 0x20 3638.c8: Size: 0x301b0 3638.c8: NT Headers: 0xe8 3638.c8: Timestamp: 0x55c8a7d5 3638.c8: Machine: 0x8664 - amd64 3638.c8: Timestamp: 0x55c8a7d5 3638.c8: Image Version: 6.2 3638.c8: SizeOfImage: 0x31000 (200704) 3638.c8: Resource Dir: 0x2f000 LB 0x4e0 3638.c8: ProductName: AVG Internet Security 3638.c8: ProductVersion: 16.0.0.7018 3638.c8: FileVersion: 16.0.0.7018 3638.c8: SpecialBuild: AvCompile_2015_0810_152249(7018), SVNRev bcda0285b62dd6766bbf558cb0e562271f6e2fd5 (av/devel), av 3638.c8: PrivateBuild: x64 Release_Unicode_DRIVER 3638.c8: FileDescription: AVG File Vault Driver 3638.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3638.c8: Calling main() 3638.c8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 3638.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 3638.c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 3638.c8: SUPR3HardenedMain: Final process, opening VBoxDrv... 
3638.c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000500000 LB 0x400000) 3638.c8: supR3HardNtEnableThreadCreation: 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffe9b200000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9b200000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9b200000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 3638.c8: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9b200000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffece9b0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb3f0000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecbd70000 LB 0x001c7000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecea50000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecbff0000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\WINDOWS\system32\Wintrust.dll' 3638.c8: 
supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb2a0000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb2a0000 'C:\WINDOWS\system32\bcrypt.dll' 3638.c8: bcrypt.dll loaded at 00007ffecb2a0000, BCryptOpenAlgorithmProvider at 00007ffecb2a3b50, preloading providers: 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecc0e0000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc0e0000 'C:\WINDOWS\system32\bcryptprimitives.dll' 3638.c8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000a8a390) 3638.c8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000a8aa50) 3638.c8: 
BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000a8ad20) 3638.c8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000a8b080) 3638.c8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000a8bba0) 3638.c8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000a8beb0) 3638.c8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000a8c1c0) 3638.c8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000a8c490) 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecad00000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks 
WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffeca990000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecae20000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeceb70000 'C:\WINDOWS\system32\kernel32.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffecbd70000 'C:\WINDOWS\system32\CRYPT32.dll' 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecec60000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecd7d0000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffeca320000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb3d0000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0] 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffe9d060000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks 
WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 
(0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\WINDOWS\system32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe9d060000 'C:\Windows\System32\cryptnet.dll' 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecda80000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9A46A462BF8E5FC5E097E98A51381D8EFF8C537E 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecea50000 'C:\WINDOWS\system32\rpcrt4.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\Windows\System32\WINTRUST.DLL' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 
[lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Group-minkernel-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\SystemRoot\System32\ntdll.dll' 3638.c8: g_pfnWinVerifyTrust=00007ffecbff74d0 3638.c8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 3638.c8: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks 
WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 
'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3fb1ac73ae1db300 CN=markt 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8b4c08792a04b100 CN=localhost, O=Skype Click to Call, OU=Skype Click to Call 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 3638.c8: 
supR3HardenedWinIsDesiredRootCA: Adding 0x89df2ac1a847af00 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf36e04c6e767c800 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x202e62f7af5cd800 C=CZ, ST=Moravia, L=Brno, O=AVG Technologies cz, OU=Engineering, CN=AVG Technologies 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root 
Certificate Authority - G2 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. 
- For authorized use only, OU=VeriSign Trust Network 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. 
- For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 3638.c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 3638.c8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=54 3638.c8: SUPR3HardenedMain: Load Runtime... 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program 
Files\Oracle\VirtualBox\msvcp100.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00000000594d0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 0000000059430000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecec80000 LB 0x0006b000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffe8f570000 LB 0x0055f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'. 
3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll 
(rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program 
Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8f570000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbff0000 'C:\WINDOWS\system32\Wintrust.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: SUPR3HardenedMain: Load TrustedMain... 
3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffece130000 LB 0x00186000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdb30000 LB 0x00156000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdeb0000 LB 0x0027d000 C:\WINDOWS\system32\combase.dll [fFlags=0x0] 3638.c8: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdc90000 LB 0x00143000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecdde0000 LB 0x000c1000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecfec0000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rescheduled] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rescheduled] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rescheduled] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 3638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecec20000 LB 0x0003b000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecec20000 'C:\WINDOWS\system32\IMM32.DLL' 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'. 
3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rescheduled] 3638.c8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\PROGRA~2\SupTab\SEARCH~2.DLL': 0 (NtPath=\??\C:\PROGRA~2\SupTab\SEARCH~2.DLL; Input=C:\PROGRA~2\SupTab\SEARCH~2.DLL; rcNtGetDll=0x0 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\PROGRA~2\SupTab\SEARCH~2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\PROGRA~2\SupTab\SEARCH~2.DLL' 3638.c8: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group. 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 3638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb250000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\VERSION.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb260000 LB 0x00031000 C:\WINDOWS\system32\nvinitx.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [avoiding WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\version.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\version.dll' [rescheduled] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll' [rescheduled] 3638.c8: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group. 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 000000000f000000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000000000f000000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll' 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rescheduled] 3638.c8: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll: Owner is administrators group. 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 
3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'setupapi.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'detoured.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'. 3638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'. 3638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\gdi32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'. 3638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Windows\System32\user32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecbc40000 LB 0x00043000 C:\WINDOWS\system32\CFGMGR32.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffece580000 LB 0x00429000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffec8a90000 LB 0x00032000 C:\Program Files\NVIDIA 
Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8a90000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll' 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rescheduled] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rescheduled] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll' [rescheduled] 3638.c8: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group. 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [redoing WinVerifyTrust] 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'. 3638.c8: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffec8a60000 LB 0x00022000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec8a60000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll' 3638.c8: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'. 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll' [rescheduled] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb260000 'C:\WINDOWS\system32\nvinitx.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecfec0000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll' 3638.c8: SUPR3HardenedMain: Calling TrustedMain (00007ffecfeca000)... 
3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb370000 LB 0x0000f000 C:\WINDOWS\system32\kernel.appcore.dll [fFlags=0x0] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecc1b0000 LB 0x000a7000 C:\WINDOWS\system32\clbcatq.dll [fFlags=0x0] 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 
3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll [redoing WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\psapi.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecd990000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\psapi.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffe8d620000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8d620000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdde0000 'C:\Windows\System32\oleaut32.dll' 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffecb1b0000 LB 0x00099000 C:\WINDOWS\SYSTEM32\sxs.dll 
[fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdde0000 'C:\WINDOWS\system32\OLEAUT32.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdc90000 'C:\WINDOWS\system32\ole32.dll' 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecdde0000 'C:\WINDOWS\system32\OLEAUT32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 
0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3488B506C76AED41BC3048EF4C38C6A11D8B3CC4 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000006fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D0F5B8FB82A59EE0D6149941C8198202D2D48FDA 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffebe580000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffebc4d0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebc4d0000 'C:\WINDOWS\system32\wbem\wbemprox.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000060c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9CE21DDF09B1BCCF1977CBD665E28F9BA3B97D79 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffebb750000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebb750000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'api-ms-win-core-localization-l1-2-0.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecb400000 'api-ms-win-core-localization-obsolete-l1-1-0.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000700 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFD9E9630890EA6E6C472D5579966609C56F9EFD 3638.c8: supR3HardenedMonitor_LdrLoadDll: 
returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll' 3638.c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'. 3638.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust 3638.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 3638.c8: supR3HardenedDllNotificationCallback: load 00007ffebaec0000 LB 0x000f6000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] 3638.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 3638.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebaec0000 'C:\WINDOWS\system32\wbem\fastprox.dll' 3638.3d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 3638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.3d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust 3638.3d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 
3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 3638.3d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 3638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3638.3d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 3638.3d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust 3638.3d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.3d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3638.3d4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
3638.3d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.3d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.3d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.3d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 3638.3d4: supR3HardenedDllNotificationCallback: load 00000000585f0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 3638.3d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 3638.3d4: supR3HardenedDllNotificationCallback: load 00007ffecfc20000 LB 0x0029c000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 3638.3d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.3d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecfc20000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust] 3638.35ec: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 
3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\hal.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\hal.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\hal.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys' 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume2\Windows\System32\ci.dll' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\ci.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ci.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ci.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\kdcom.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kdcom.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kdcom.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume2\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 3638.35ec: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'. 
3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PSHED.DLL) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PSHED.DLL 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume2\Windows\System32\hal.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\hal.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume2\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PSHED.DLL [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kdcom.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetAdp6.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxDrv.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxUSBMon.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\VBoxNetLwf.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\PSHED.DLL' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: 
supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\BOOTVID.DLL' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kdcom.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ci.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\hal.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\WppRecorder.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume2\Windows\System32\drivers\msrpc.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\netio.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\drivers\ndis.sys' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntoskrnl.exe' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000744 pwszName=\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFB385060B4FA365AB9E4DC16369A36F5D635690 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 
'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-net~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'oleaut32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'ws2_32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'netsetupapi.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'setupapi.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [redoing WinVerifyTrust] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffebf850000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupApi.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffebf870000 LB 0x00079000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\NetSetupShim.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffebf870000 'C:\Windows\System32\NetSetupShim.dll' 3638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.3f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 
3638.3f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust 3638.3f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.3f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust] 3638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.3f4: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3638.3f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
3638.3f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.3f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 3638.3f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.3f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 3638.3f4: supR3HardenedDllNotificationCallback: load 00007ffecffa0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 3638.3f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 3638.3f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecffa0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 3638.508: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000860 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll 3638.508: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.508: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.508: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4F9BD6CD3F872DBBFCD5F712A95134C3D7F47679 3638.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3638.560: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 
3638.560: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust 3638.560: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 3638.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3638.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3638.560: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.560: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
3638.560: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.560: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 3638.560: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.560: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 3638.560: supR3HardenedDllNotificationCallback: load 00007ffecff90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 3638.560: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 3638.560: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff90000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 3638.438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3638.438: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.438: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust 3638.438: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 3638.438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
3638.438: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3638.438: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3638.438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.438: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.438: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.438: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 3638.438: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.438: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 3638.438: supR3HardenedDllNotificationCallback: load 00007ffecff80000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 3638.438: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 3638.438: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff80000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 3638.2f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.2f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 
3638.2f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 3638.2f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.2f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust 3638.2f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 3638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 3638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 3638.2f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 3638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
3638.2f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.2f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.2f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 3638.2f4: supR3HardenedDllNotificationCallback: load 00007ffecff70000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 3638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.2f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 3638.2f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff70000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 3638.508: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' 3638.508: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'. 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'. 
3638.508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust 3638.508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 3638.508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.508: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 3638.508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.508: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust] 3638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.508: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 3638.508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.508: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 3638.508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 3638.508: supR3HardenedDllNotificationCallback: load 00007ffec9ca0000 LB 0x00096000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 3638.508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 3638.508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec9ca0000 'C:\WINDOWS\system32\uxtheme.dll' 3638.508: supR3HardenedDllNotificationCallback: load 00007ffecd830000 LB 0x0015a000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0] 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 3638.508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'. 3638.508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 3638.508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffececf0000 LB 0x00052000 C:\WINDOWS\system32\shlwapi.dll [fFlags=0x0] 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecbc90000 LB 0x000b5000 C:\WINDOWS\system32\shcore.dll [fFlags=0x0] 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 0000000004930000 LB 0x0004b000 C:\WINDOWS\system32\powrprof.dll [fFlags=0x0] 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecb5f0000 LB 0x00644000 C:\WINDOWS\system32\windows.storage.dll [fFlags=0x0] 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecc260000 LB 0x0155f000 C:\WINDOWS\system32\Shell32.dll [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecc260000 'C:\WINDOWS\system32/Shell32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\windows.storage.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume2\Windows\System32\msctf.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000844 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=668FD39FDE68075AB44D78A92AF8BD445DF77C1A 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'. 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll) WinVerifyTrust 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 3638.35ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffec4b30000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust] 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffe8f4e0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\newdev.dll [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffe986f0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecff30000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffec77b0000 LB 0x00038000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecf330000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecf330000 'C:\Program 
Files\Oracle\VirtualBox/VBoxDD.DLL' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000adc760 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000adc760 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9566730BDA7E6EB3E1397940D3DD3BA80C5317F3 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 3638.35ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecbd70000 'C:\WINDOWS\system32\crypt32.dll' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-base~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 3638.35ec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 3638.35ec: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffe8d620000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL' 
3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecff30000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.1330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffeca990000 'C:\WINDOWS\system32\rsaenh.dll' 3638.1330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 3638.1330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 3638.1330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 3638.1330: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust 3638.1330: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 3638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 3638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 3638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 
3638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 3638.1330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 3638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 3638.1330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 3638.1330: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.1330: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 3638.1330: supR3HardenedDllNotificationCallback: load 00007ffecf320000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 3638.1330: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 3638.1330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffecf320000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 3638.35ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 3638.35ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffec77b0000 'C:\WINDOWS\system32/Iphlpapi.dll' 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 3638.35ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 
3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffecda70000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0] 3638.35ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) 3638.35ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll 3638.35ec: supR3HardenedDllNotificationCallback: load 00007ffec72d0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\WINNSI.DLL [fFlags=0x0] 3638.35ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust] 3638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffecf330000 LB 0x008e3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] 3638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffe986f0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] 3638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffe8f4e0000 LB 0x00082000 C:\WINDOWS\SYSTEM32\newdev.dll [flags=0x0] 3638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffec4b30000 LB 0x00013000 C:\WINDOWS\SYSTEM32\devrtl.DLL [flags=0x0] 3638.35ec: supR3HardenedDllNotificationCallback: Unload 00007ffecff30000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] 3638.1330: supR3HardenedDllNotificationCallback: Unload 00007ffecf320000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] 3638.2f4: supR3HardenedDllNotificationCallback: Unload 00007ffecff70000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] 3638.438: supR3HardenedDllNotificationCallback: Unload 00007ffecff80000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] 3638.560: 
supR3HardenedDllNotificationCallback: Unload 00007ffecff90000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] 3638.3f4: supR3HardenedDllNotificationCallback: Unload 00007ffecffa0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebb750000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebaec0000 LB 0x000f6000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebc4d0000 LB 0x00011000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebe580000 LB 0x0007f000 C:\WINDOWS\SYSTEM32\wbemcomn.dll [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffe8d620000 LB 0x005d7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffecd990000 LB 0x00008000 C:\WINDOWS\system32\PSAPI.DLL [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebf870000 LB 0x00079000 C:\Windows\System32\NetSetupShim.dll [flags=0x0] 3638.c8: supR3HardenedDllNotificationCallback: Unload 00007ffebf850000 LB 0x0001f000 C:\Windows\System32\NetSetupApi.dll [flags=0x0] 3638.c8: Terminating the normal way: rcExit=0 3744.1e94: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2986 ms, the end); 29c.12f4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3663 ms, the end);