1324.bbc: Log file opened: 5.2.18r124319 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x611db000 1324.bbc: \SystemRoot\System32\ntdll.dll: 1324.bbc: CreationTime: 2017-12-27T16:17:42.754411400Z 1324.bbc: LastWriteTime: 2010-10-27T05:16:01.087520700Z 1324.bbc: ChangeTime: 2017-12-28T02:16:50.051600300Z 1324.bbc: FileAttributes: 0x20 1324.bbc: Size: 0x1a89a8 1324.bbc: NT Headers: 0xe8 1324.bbc: Timestamp: 0x4cc7b325 1324.bbc: Machine: 0x8664 - amd64 1324.bbc: Timestamp: 0x4cc7b325 1324.bbc: Image Version: 6.1 1324.bbc: SizeOfImage: 0x1ac000 (1753088) 1324.bbc: Resource Dir: 0x154000 LB 0x560d0 1324.bbc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1324.bbc: [Raw version resource data: 0x1540f0 LB 0x378, codepage 0x0 (reserved 0x0)] 1324.bbc: ProductName: Microsoft® Windows® Operating System 1324.bbc: ProductVersion: 6.1.7600.16695 1324.bbc: FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503) 1324.bbc: FileDescription: NT Layer DLL 1324.bbc: \SystemRoot\System32\kernel32.dll: 1324.bbc: CreationTime: 2017-12-27T16:15:39.420810600Z 1324.bbc: LastWriteTime: 2012-11-30T05:43:53.453000000Z 1324.bbc: ChangeTime: 2017-12-28T02:16:17.697200100Z 1324.bbc: FileAttributes: 0x20 1324.bbc: Size: 0x11b800 1324.bbc: NT Headers: 0xe0 1324.bbc: Timestamp: 0x50b84840 1324.bbc: Machine: 0x8664 - amd64 1324.bbc: Timestamp: 0x50b84840 1324.bbc: Image Version: 6.1 1324.bbc: SizeOfImage: 0x11f000 (1175552) 1324.bbc: Resource Dir: 0x116000 LB 0x520 1324.bbc: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 1324.bbc: [Raw version resource data: 0x1160b0 LB 0x39c, codepage 0x0 (reserved 0x0)] 1324.bbc: ProductName: Microsoft® Windows® Operating System 1324.bbc: ProductVersion: 6.1.7600.17179 1324.bbc: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434) 1324.bbc: FileDescription: Windows NT BASE API Client DLL 1324.bbc: \SystemRoot\System32\KernelBase.dll: 1324.bbc: CreationTime: 2017-12-27T16:15:39.576810600Z 1324.bbc: LastWriteTime: 2012-11-30T05:43:53.547000000Z 1324.bbc: ChangeTime: 2017-12-28T02:16:17.697200100Z 1324.bbc: FileAttributes: 0x20 1324.bbc: Size: 0x67c00 1324.bbc: NT Headers: 0xe8 1324.bbc: Timestamp: 0x50b84841 1324.bbc: Machine: 0x8664 - amd64 1324.bbc: Timestamp: 0x50b84841 1324.bbc: Image Version: 6.1 1324.bbc: SizeOfImage: 0x6c000 (442368) 1324.bbc: Resource Dir: 0x6a000 LB 0x528 1324.bbc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1324.bbc: [Raw version resource data: 0x6a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1324.bbc: ProductName: Microsoft® Windows® Operating System 1324.bbc: ProductVersion: 6.1.7600.17179 1324.bbc: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434) 1324.bbc: FileDescription: Windows NT BASE API Client DLL 1324.bbc: \SystemRoot\System32\apisetschema.dll: 1324.bbc: CreationTime: 2009-07-13T23:18:54.866423200Z 1324.bbc: LastWriteTime: 2009-07-14T01:24:53.779000000Z 1324.bbc: ChangeTime: 2017-12-27T14:16:08.339602700Z 1324.bbc: FileAttributes: 0x20 1324.bbc: Size: 0x1a00 1324.bbc: NT Headers: 0xc0 1324.bbc: Timestamp: 0x4a5bdeab 1324.bbc: Machine: 0x8664 - amd64 1324.bbc: Timestamp: 0x4a5bdeab 1324.bbc: Image Version: 6.1 1324.bbc: SizeOfImage: 0x50000 (327680) 1324.bbc: Resource Dir: 0x30000 LB 0x3f0 1324.bbc: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 1324.bbc: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)] 1324.bbc: ProductName: Microsoft® Windows® Operating System 1324.bbc: ProductVersion: 6.1.7600.16385 1324.bbc: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) 1324.bbc: FileDescription: ApiSet Schema DLL 1324.bbc: supR3HardenedWinFindAdversaries: 0x0 1324.bbc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 1324.bbc: Calling main() 1324.bbc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1324.bbc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 1324.bbc: SUPR3HardenedMain: Respawn #1 1324.bbc: System32: \Device\HarddiskVolume3\Windows\System32 1324.bbc: WinSxS: \Device\HarddiskVolume3\Windows\winsxs 1324.bbc: KnownDllPath: C:\Windows\system32 1324.bbc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1324.bbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1324.bbc: supR3HardNtEnableThreadCreation: 1324.bbc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0 1324.bbc: supR3HardenedWinDoReSpawn(1): New child 9e0.344 [kernel32]. 1324.bbc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380 1324.bbc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077970000 uNtDllChildAddr=0000000077970000 1324.bbc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779a2ac0 1324.bbc: supR3HardenedWinSetupChildInit: Start child. 1324.bbc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
1324.bbc: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 32 sleeps 1324.bbc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1324.bbc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 1324.bbc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000 1324.bbc: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 1324.bbc: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 1324.bbc: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 1324.bbc: 0000000000041000-000000000021ffff 0x0001/0x0000 0x0000000 1324.bbc: *0000000000220000-000000000031bfff 0x0000/0x0004 0x0020000 1324.bbc: 000000000031c000-000000000031dfff 0x0104/0x0004 0x0020000 1324.bbc: 000000000031e000-000000000031ffff 0x0004/0x0004 0x0020000 1324.bbc: 0000000000320000-000000007796ffff 0x0001/0x0000 0x0000000 1324.bbc: *0000000077970000-0000000077970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1324.bbc: 0000000077971000-0000000077a73fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1324.bbc: 0000000077a74000-0000000077aa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1324.bbc: 0000000077aa4000-0000000077aaffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1324.bbc: 0000000077ab0000-0000000077b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 1324.bbc: 0000000077b1c000-000000007efdffff 0x0001/0x0000 0x0000000 1324.bbc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000 1324.bbc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1324.bbc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 1324.bbc: 000000007fff0000-000000013fe0ffff 0x0001/0x0000 0x0000000 1324.bbc: *000000013fe10000-000000013fe10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fe11000-000000013fe81fff 0x0020/0x0080 0x1000000 
\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fe82000-000000013fe82fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fe83000-000000013fec8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fec9000-000000013fec9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013feca000-000000013fecafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fecb000-000000013fecffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fed0000-000000013fed0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fed1000-000000013fed1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fed2000-000000013fed5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013fed6000-000000013ff1dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 1324.bbc: 000000013ff1e000-000007feffc8ffff 0x0001/0x0000 0x0000000 1324.bbc: *000007feffc90000-000007feffc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll 1324.bbc: 000007feffc91000-000007fffffaffff 0x0001/0x0000 0x0000000 1324.bbc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 1324.bbc: 000007fffffd3000-000007fffffd5fff 0x0001/0x0000 0x0000000 1324.bbc: *000007fffffd6000-000007fffffd6fff 0x0004/0x0004 0x0020000 1324.bbc: 000007fffffd7000-000007fffffddfff 0x0001/0x0000 0x0000000 1324.bbc: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000 1324.bbc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 
1324.bbc: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS) 1324.bbc: VirtualBox.exe: timestamp 0x5b72bf7e (rc=VINF_SUCCESS) 1324.bbc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1324.bbc: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports 1324.bbc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 1324.bbc: supR3HardNtChildPurify: Done after 323 ms and 0 fixes (loop #0). 9e0.344: Log file opened: 5.2.18r124319 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db000 9e0.344: supR3HardenedVmProcessInit: uNtDllAddr=0000000077970000 g_uNtVerCombined=0x611db000 9e0.344: ntdll.dll: timestamp 0x4cc7b325 (rc=VINF_SUCCESS) 9e0.344: New simple heap: #1 0000000000320000 LB 0x400000 (for 1753088 allocation) 1324.bbc: supR3HardNtEnableThreadCreation: 9e0.344: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 9e0.344: System32: \Device\HarddiskVolume3\Windows\System32 9e0.344: WinSxS: \Device\HarddiskVolume3\Windows\winsxs 9e0.344: KnownDllPath: C:\Windows\system32 9e0.344: supR3HardenedVmProcessInit: Opening vboxdrv stub... 9e0.344: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 9e0.344: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 9e0.344: Registered Dll notification callback with NTDLL. 
9e0.344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 9e0.344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 9e0.344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 9e0.344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 9e0.344: supR3HardenedDllNotificationCallback: load 0000000077750000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] 9e0.344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 9e0.344: supR3HardenedDllNotificationCallback: load 000007fefda20000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] 9e0.344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 9e0.344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 9e0.344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll' 9e0.344: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0 1324.bbc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 123 ms. 
9e0.344: \SystemRoot\System32\ntdll.dll: 9e0.344: CreationTime: 2017-12-27T16:17:42.754411400Z 9e0.344: LastWriteTime: 2010-10-27T05:16:01.087520700Z 9e0.344: ChangeTime: 2017-12-28T02:16:50.051600300Z 9e0.344: FileAttributes: 0x20 9e0.344: Size: 0x1a89a8 9e0.344: NT Headers: 0xe8 9e0.344: Timestamp: 0x4cc7b325 9e0.344: Machine: 0x8664 - amd64 9e0.344: Timestamp: 0x4cc7b325 9e0.344: Image Version: 6.1 9e0.344: SizeOfImage: 0x1ac000 (1753088) 9e0.344: Resource Dir: 0x154000 LB 0x560d0 9e0.344: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 9e0.344: [Raw version resource data: 0x1540f0 LB 0x378, codepage 0x0 (reserved 0x0)] 9e0.344: ProductName: Microsoft® Windows® Operating System 9e0.344: ProductVersion: 6.1.7600.16695 9e0.344: FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503) 9e0.344: FileDescription: NT Layer DLL 9e0.344: \SystemRoot\System32\kernel32.dll: 9e0.344: CreationTime: 2017-12-27T16:15:39.420810600Z 9e0.344: LastWriteTime: 2012-11-30T05:43:53.453000000Z 9e0.344: ChangeTime: 2017-12-28T02:16:17.697200100Z 9e0.344: FileAttributes: 0x20 9e0.344: Size: 0x11b800 9e0.344: NT Headers: 0xe0 9e0.344: Timestamp: 0x50b84840 9e0.344: Machine: 0x8664 - amd64 9e0.344: Timestamp: 0x50b84840 9e0.344: Image Version: 6.1 9e0.344: SizeOfImage: 0x11f000 (1175552) 9e0.344: Resource Dir: 0x116000 LB 0x520 9e0.344: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 9e0.344: [Raw version resource data: 0x1160b0 LB 0x39c, codepage 0x0 (reserved 0x0)] 9e0.344: ProductName: Microsoft® Windows® Operating System 9e0.344: ProductVersion: 6.1.7600.17179 9e0.344: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434) 9e0.344: FileDescription: Windows NT BASE API Client DLL 9e0.344: \SystemRoot\System32\KernelBase.dll: 9e0.344: CreationTime: 2017-12-27T16:15:39.576810600Z 9e0.344: LastWriteTime: 2012-11-30T05:43:53.547000000Z 9e0.344: ChangeTime: 2017-12-28T02:16:17.697200100Z 9e0.344: FileAttributes: 0x20 9e0.344: Size: 0x67c00 9e0.344: NT Headers: 0xe8 9e0.344: Timestamp: 0x50b84841 9e0.344: Machine: 0x8664 - amd64 9e0.344: Timestamp: 0x50b84841 9e0.344: Image Version: 6.1 9e0.344: SizeOfImage: 0x6c000 (442368) 9e0.344: Resource Dir: 0x6a000 LB 0x528 9e0.344: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 9e0.344: [Raw version resource data: 0x6a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 9e0.344: ProductName: Microsoft® Windows® Operating System 9e0.344: ProductVersion: 6.1.7600.17179 9e0.344: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434) 9e0.344: FileDescription: Windows NT BASE API Client DLL 9e0.344: \SystemRoot\System32\apisetschema.dll: 9e0.344: CreationTime: 2009-07-13T23:18:54.866423200Z 9e0.344: LastWriteTime: 2009-07-14T01:24:53.779000000Z 9e0.344: ChangeTime: 2017-12-27T14:16:08.339602700Z 9e0.344: FileAttributes: 0x20 9e0.344: Size: 0x1a00 9e0.344: NT Headers: 0xc0 9e0.344: Timestamp: 0x4a5bdeab 9e0.344: Machine: 0x8664 - amd64 9e0.344: Timestamp: 0x4a5bdeab 9e0.344: Image Version: 6.1 9e0.344: SizeOfImage: 0x50000 (327680) 9e0.344: Resource Dir: 0x30000 LB 0x3f0 9e0.344: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 9e0.344: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)] 9e0.344: ProductName: Microsoft® Windows® Operating System 9e0.344: ProductVersion: 6.1.7600.16385 9e0.344: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) 9e0.344: FileDescription: ApiSet Schema DLL 9e0.344: supR3HardenedWinFindAdversaries: 0x0 9e0.344: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 9e0.344: Calling main() 9e0.344: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 9e0.344: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 9e0.344: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 9e0.344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 9e0.344: SUPR3HardenedMain: Respawn #2 9e0.344: supR3HardNtEnableThreadCreation: 9e0.344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll) 9e0.344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll 9e0.344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 9e0.344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 9e0.344: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] 9e0.344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 9e0.344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\apphelp.dll' 9e0.344: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 
pvNtTerminateThread=00000000779bfbe0 9e0.344: supR3HardenedWinDoReSpawn(2): New child f6c.1068 [kernel32]. 9e0.344: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380 9e0.344: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077970000 uNtDllChildAddr=0000000077970000 9e0.344: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779a2ac0 9e0.344: supR3HardenedWinSetupChildInit: Start child. 9e0.344: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 9e0.344: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps 9e0.344: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 9e0.344: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 9e0.344: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000 9e0.344: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 9e0.344: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 9e0.344: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 9e0.344: 0000000000041000-000000000011ffff 0x0001/0x0000 0x0000000 9e0.344: *0000000000120000-000000000021bfff 0x0000/0x0004 0x0020000 9e0.344: 000000000021c000-000000000021dfff 0x0104/0x0004 0x0020000 9e0.344: 000000000021e000-000000000021ffff 0x0004/0x0004 0x0020000 9e0.344: 0000000000220000-000000007796ffff 0x0001/0x0000 0x0000000 9e0.344: *0000000077970000-0000000077970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 9e0.344: 0000000077971000-0000000077a73fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 9e0.344: 0000000077a74000-0000000077aa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 9e0.344: 0000000077aa4000-0000000077aaffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 9e0.344: 0000000077ab0000-0000000077b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 9e0.344: 0000000077b1c000-000000007efdffff 0x0001/0x0000 0x0000000 
9e0.344: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000 9e0.344: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 9e0.344: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 9e0.344: 000000007fff0000-000000013fe0ffff 0x0001/0x0000 0x0000000 9e0.344: *000000013fe10000-000000013fe10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fe11000-000000013fe81fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fe82000-000000013fe82fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fe83000-000000013fec8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fec9000-000000013fec9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013feca000-000000013fecafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fecb000-000000013fecffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fed0000-000000013fed0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fed1000-000000013fed1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fed2000-000000013fed5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013fed6000-000000013ff1dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe 9e0.344: 000000013ff1e000-000007feffc8ffff 0x0001/0x0000 0x0000000 9e0.344: *000007feffc90000-000007feffc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll 9e0.344: 
000007feffc91000-000007fffffaffff 0x0001/0x0000 0x0000000 9e0.344: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 9e0.344: 000007fffffd3000-000007fffffdafff 0x0001/0x0000 0x0000000 9e0.344: *000007fffffdb000-000007fffffdbfff 0x0004/0x0004 0x0020000 9e0.344: 000007fffffdc000-000007fffffddfff 0x0001/0x0000 0x0000000 9e0.344: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000 9e0.344: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 9e0.344: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS) 9e0.344: VirtualBox.exe: timestamp 0x5b72bf7e (rc=VINF_SUCCESS) 9e0.344: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 9e0.344: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports 9e0.344: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 9e0.344: supR3HardNtChildPurify: Done after 330 ms and 0 fixes (loop #0). f6c.1068: Log file opened: 5.2.18r124319 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db000 f6c.1068: supR3HardenedVmProcessInit: uNtDllAddr=0000000077970000 g_uNtVerCombined=0x611db000 f6c.1068: ntdll.dll: timestamp 0x4cc7b325 (rc=VINF_SUCCESS) f6c.1068: New simple heap: #1 0000000000320000 LB 0x400000 (for 1753088 allocation) 9e0.344: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000) 9e0.344: supR3HardNtEnableThreadCreation: f6c.1068: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' f6c.1068: System32: \Device\HarddiskVolume3\Windows\System32 f6c.1068: WinSxS: \Device\HarddiskVolume3\Windows\winsxs f6c.1068: KnownDllPath: C:\Windows\system32 f6c.1068: supR3HardenedVmProcessInit: Opening vboxdrv... f6c.1068: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... f6c.1068: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... f6c.1068: Registered Dll notification callback with NTDLL. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 0000000077750000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda20000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll' f6c.1068: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0 9e0.344: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 275 ms. 
f6c.1068: \SystemRoot\System32\ntdll.dll: f6c.1068: CreationTime: 2017-12-27T16:17:42.754411400Z f6c.1068: LastWriteTime: 2010-10-27T05:16:01.087520700Z f6c.1068: ChangeTime: 2017-12-28T02:16:50.051600300Z f6c.1068: FileAttributes: 0x20 f6c.1068: Size: 0x1a89a8 f6c.1068: NT Headers: 0xe8 f6c.1068: Timestamp: 0x4cc7b325 f6c.1068: Machine: 0x8664 - amd64 f6c.1068: Timestamp: 0x4cc7b325 f6c.1068: Image Version: 6.1 f6c.1068: SizeOfImage: 0x1ac000 (1753088) f6c.1068: Resource Dir: 0x154000 LB 0x560d0 f6c.1068: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] f6c.1068: [Raw version resource data: 0x1540f0 LB 0x378, codepage 0x0 (reserved 0x0)] f6c.1068: ProductName: Microsoft® Windows® Operating System f6c.1068: ProductVersion: 6.1.7600.16695 f6c.1068: FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503) f6c.1068: FileDescription: NT Layer DLL f6c.1068: \SystemRoot\System32\kernel32.dll: f6c.1068: CreationTime: 2017-12-27T16:15:39.420810600Z f6c.1068: LastWriteTime: 2012-11-30T05:43:53.453000000Z f6c.1068: ChangeTime: 2017-12-28T02:16:17.697200100Z f6c.1068: FileAttributes: 0x20 f6c.1068: Size: 0x11b800 f6c.1068: NT Headers: 0xe0 f6c.1068: Timestamp: 0x50b84840 f6c.1068: Machine: 0x8664 - amd64 f6c.1068: Timestamp: 0x50b84840 f6c.1068: Image Version: 6.1 f6c.1068: SizeOfImage: 0x11f000 (1175552) f6c.1068: Resource Dir: 0x116000 LB 0x520 f6c.1068: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] f6c.1068: [Raw version resource data: 0x1160b0 LB 0x39c, codepage 0x0 (reserved 0x0)] f6c.1068: ProductName: Microsoft® Windows® Operating System f6c.1068: ProductVersion: 6.1.7600.17179 f6c.1068: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434) f6c.1068: FileDescription: Windows NT BASE API Client DLL f6c.1068: \SystemRoot\System32\KernelBase.dll: f6c.1068: CreationTime: 2017-12-27T16:15:39.576810600Z f6c.1068: LastWriteTime: 2012-11-30T05:43:53.547000000Z f6c.1068: ChangeTime: 2017-12-28T02:16:17.697200100Z f6c.1068: FileAttributes: 0x20 f6c.1068: Size: 0x67c00 f6c.1068: NT Headers: 0xe8 f6c.1068: Timestamp: 0x50b84841 f6c.1068: Machine: 0x8664 - amd64 f6c.1068: Timestamp: 0x50b84841 f6c.1068: Image Version: 6.1 f6c.1068: SizeOfImage: 0x6c000 (442368) f6c.1068: Resource Dir: 0x6a000 LB 0x528 f6c.1068: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] f6c.1068: [Raw version resource data: 0x6a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] f6c.1068: ProductName: Microsoft® Windows® Operating System f6c.1068: ProductVersion: 6.1.7600.17179 f6c.1068: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434) f6c.1068: FileDescription: Windows NT BASE API Client DLL f6c.1068: \SystemRoot\System32\apisetschema.dll: f6c.1068: CreationTime: 2009-07-13T23:18:54.866423200Z f6c.1068: LastWriteTime: 2009-07-14T01:24:53.779000000Z f6c.1068: ChangeTime: 2017-12-27T14:16:08.339602700Z f6c.1068: FileAttributes: 0x20 f6c.1068: Size: 0x1a00 f6c.1068: NT Headers: 0xc0 f6c.1068: Timestamp: 0x4a5bdeab f6c.1068: Machine: 0x8664 - amd64 f6c.1068: Timestamp: 0x4a5bdeab f6c.1068: Image Version: 6.1 f6c.1068: SizeOfImage: 0x50000 (327680) f6c.1068: Resource Dir: 0x30000 LB 0x3f0 f6c.1068: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] f6c.1068: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)] f6c.1068: ProductName: Microsoft® Windows® Operating System f6c.1068: ProductVersion: 6.1.7600.16385 f6c.1068: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) f6c.1068: FileDescription: ApiSet Schema DLL f6c.1068: supR3HardenedWinFindAdversaries: 0x0 f6c.1068: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' f6c.1068: Calling main() f6c.1068: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 f6c.1068: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' f6c.1068: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) f6c.1068: SUPR3HardenedMain: Final process, opening VBoxDrv... f6c.1068: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000) f6c.1068: supR3HardNtEnableThreadCreation: f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000873cc0:C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa390000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks 
WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000873cc0:C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefdd80000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown 
Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefdb30000 LB 0x00166000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefde60000 LB 0x0012e000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\Wintrust.dll' f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008b8ef0:C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: 
returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\bcrypt.dll' f6c.1068: bcrypt.dll loaded at 000007fefd2b0000, BCryptOpenAlgorithmProvider at 000007fefd2b2640, preloading providers: f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcda0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\Windows\system32\bcryptprimitives.dll' f6c.1068: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008ba5d0) f6c.1068: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008bd490) f6c.1068: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008bd5b0) f6c.1068: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008bd7c0) f6c.1068: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008bd8e0) f6c.1068: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008bda00) f6c.1068: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008bdc40) f6c.1068: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008bdd60) f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd160000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\CRYPTSP.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\rsaenh.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll) f6c.1068: 
supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd7c0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\CRYPTBASE.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, 
rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\WINTRUST.DLL' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\CRYPT32.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefde20000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde20000 'C:\Windows\system32\imagehlp.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\CRYPTSP.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 
'gdi32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 0000000077870000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa20000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff3e0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0] f6c.1068: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff100000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa20000 'C:\Windows\system32\gdi32.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff0d0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff490000 LB 0x00109000 
C:\Windows\system32\MSCTF.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\IMM32.DLL' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\USER32.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ncrypt.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\bcrypt.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\USERENV.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcbe0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbe0000 'C:\Windows\system32\GPAPI.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde60000 'C:\Windows\system32\rpcrt4.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L2-1-0.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef9c30000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefee20000 LB 0x00050000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 
'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on 
\Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\SHLWAPI.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\profapi.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on 
\Device\HarddiskVolume3\Windows\System32\ole32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cabinet.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef97e0000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: 
pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde60000 'C:\Windows\system32\RPCRT4.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 
0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ole32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [lacks WinVerifyTrust] f6c.1068: 
supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B1CC1FB102B520EF6BF868B8979443077BF99576 f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll' f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' 
f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2393802~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll' f6c.1068: g_pfnWinVerifyTrust=000007fefd9c1010 f6c.1068: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9291EDBBC127C928AA153279BBEF3441A67E2E64 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' f6c.1068: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust] f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d0 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=25C526F88FFB65E5337FBED8DA970667B79A436D f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61589F17FEF1FC8E13381FC488DFF9B97265ADC0 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cabinet.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cabinet.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E6E4E4C144C41C8DE8B6D14C0CEFC8466606238 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB979687~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ole32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C47113CE403595333AD5B6E07C7DAAD692CBCC3 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; 
file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B6AE55767DA0FEC9EE078C21F6B93D73CB0EC97B f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EF521BA39AF0E47D1865BB0D35CE4A6F4445F683 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=606ABB1FF11221B54B2441E9291FAEDE00F0A737 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F91ABE7B7E6D1E87E7D4528AF218FE44B6223714 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000254 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll' f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CECE64826F44D45DC4DC4EAD2487D4E902D28B2 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll 
f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=490BD33C335BD32EC161EED4A67F77D95677E4E5 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll' 
f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7EA80F9E71FDFA56CCF43E3C55C6720395894024 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBA6014EFD27EA9F3D12C3683DEBF0C87F381DC9 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: 
cbHash=20 wszDigest=19E59F7821F8166B726DD95DFEE4E7A4D77E03C3 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll' f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000128 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; 
cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for 
'\Device\HarddiskVolume3\Windows\System32\advapi32.dll' f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857E2261585BED6E20976DC49046A04066510AC8 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 
pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F2501E3A272EEB34B9BC02F1FD262AE3BD138E8 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB974571~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C14C7754CCAEF4A44E39D16017663B013F785504 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] 
f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: 
supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000024 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BDD7376E7A7F636F4FA916F3B438F5139EB262E7 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_222_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000001c pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4DF6E6BDB6DD0A1F360EC0B63067F7E6A84B10D f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_222_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) 
fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000927aa0:C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\crypt32.dll' f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 
f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. 
- For authorized use only, CN=thawte Primary Root CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xbd02ec9a4a02ab00 DC=len, DC=rovereto, CN=ratsbane-new f6c.1068: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=25 f6c.1068: SUPR3HardenedMain: Load Runtime... 
f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: 
pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5F4BCE98F931638C28C032093E78167736B880A f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\nsi.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache 
hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 
C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedIsApiSetDll: '' -> true f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef4b90000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 0000000074410000 LB 
0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedDllNotificationCallback: load 0000000074370000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff6d0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffc70000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust] f6c.1068: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\nsi.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rescheduled] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ 
[calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009575c0:C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\Wintrust.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009575c0:C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\crypt32.dll' f6c.1068: SUPR3HardenedMain: Load TrustedMain... 
f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, 
rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE7D7A3901C2C2D6C3C0DBA60CA941301EDCFDFD f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2640148~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] 
f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0] f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll' f6c.1068: 
supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 
000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll' f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 
C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll' f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 
'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0] f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef3900000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll f6c.1068: 
supR3HardenedDllNotificationCallback: load 000007fef5790000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef7ef0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef5340000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef7cd0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 
LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefbb20000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 0000000072fd0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefe090000 LB 0x00d87000 C:\Windows\system32\SHELL32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef9350000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust] f6c.1068: 
supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef3300000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 0000000072a60000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef6080000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa0f0000 LB 0x00070000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust] f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff980000 LB 0x00098000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0] f6c.1068: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll) f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa710000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\COMCTL32.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll [avoiding WinVerifyTrust] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 0000000074310000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa2c0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll 
[fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'. 
f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rescheduled] f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\mpr.dll'. f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecdc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\imm32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.DLL' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\cryptbase.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3900000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll' f6c.1068: SUPR3HardenedMain: Calling TrustedMain (000007fef39014f0)... 
f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\profapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll' f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef4a60000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a60000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\CRYPTBASE.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\user32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\shell32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0 f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\shell32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000558 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: 
hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefc1a0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1a0000 'C:\Windows\system32\uxtheme.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\advapi32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\userenv.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: 
hFile=0000000000000578 pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff3f0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3f0000 'C:\Windows\system32\CLBCatQ.DLL' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\CRYPTSP.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a0 pwszName=\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7190FCAE1D497CF28C08503A576285BB6F5EC724 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd870000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd870000 'C:\Windows\system32\RpcRtRemote.dll' f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. f6c.448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust f6c.448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 
f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000913570:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll f6c.448: supR3HardenedDllNotificationCallback: load 000007fef2db0000 LB 0x00546000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] f6c.448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2db0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 
f6c.448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust f6c.448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000913570:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll f6c.448: supR3HardenedDllNotificationCallback: load 000007fef56d0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0] f6c.448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef56d0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll' f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\oleaut32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa20000 'C:\Windows\system32\gdi32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.dll' f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000918 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000091c pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28C1989B7914A37F8B8476A04FF90F25B8FA1A04 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'. 
f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000951180:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa6b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6b0000 'C:\Windows\system32\wbem\wbemprox.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000944 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile 
-> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000951180:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa400000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa400000 'C:\Windows\system32\wbem\wbemsvc.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000948 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: 
supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000928 pwszName=\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll' f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'. f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll) WinVerifyTrust f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000951180:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa8c0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa7b0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0] f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8c0000 'C:\Windows\system32\wbem\fastprox.dll' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.dll' f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000034120d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\WINMM.dll' f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 
'C:\Windows\system32\setupapi.dll' f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.1110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust f6c.1110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. f6c.1110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust f6c.1110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] f6c.1110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.1110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003411f20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.1110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.1110: supR3HardenedDllNotificationCallback: load 000007fef2ae0000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] f6c.1110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.1110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll f6c.1110: supR3HardenedDllNotificationCallback: load 0000000074050000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] f6c.1110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2ae0000 'C:\Program 
Files\Oracle\VirtualBox\VBoxVMM.DLL' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume3\Windows\System32\netcfgx.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33DAA9CC6F997D3C2EE91D76DD0DB6F4CD4685FB f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\netcfgx.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netcfgx.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netcfgx.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a60 pwszName=\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BC82F0D09DA90D52812F6F0F30999905E06ECB1 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [redoing WinVerifyTrust] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume3\Windows\System32\winnsi.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winnsi.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef4430000 LB 0x00083000 C:\Windows\system32\netcfgx.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbb40000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbb10000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4430000 'C:\Windows\system32\netcfgx.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\SETUPAPI.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll 
(Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003411f20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\WINTRUST.dll' f6c.73c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. f6c.73c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust f6c.73c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] f6c.73c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.73c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412310:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.73c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll f6c.73c: supR3HardenedDllNotificationCallback: load 000007fef7cc0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] f6c.73c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll f6c.73c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' f6c.73c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\User32.dll' f6c.f58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.f58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.f58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. f6c.f58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.f58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust f6c.f58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.f58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.f58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412310:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.f58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll f6c.f58: supR3HardenedDllNotificationCallback: load 000007fef7cb0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] f6c.f58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll f6c.f58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7cb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' f6c.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 
f6c.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.cc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust f6c.cc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.cc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412310:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.cc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll f6c.cc8: supR3HardenedDllNotificationCallback: load 000007fef6070000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] f6c.cc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll f6c.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6070000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' f6c.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. f6c.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.6f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust f6c.6f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.6f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll f6c.6f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.6f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll f6c.6f4: supR3HardenedDllNotificationCallback: load 000007fef6060000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] f6c.6f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll f6c.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6060000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\Shell32.dll' f6c.d54: supR3HardenedIsApiSetDll: '' -> true f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef2110000 LB 0x009cd000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef49f0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef4990000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2110000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit 
(VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2db0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4990000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.e10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll' f6c.e10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. f6c.e10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. f6c.e10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. f6c.e10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust f6c.e10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 
f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] f6c.e10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] f6c.e10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.e10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll f6c.e10: supR3HardenedDllNotificationCallback: load 000007fef6030000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] f6c.e10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll f6c.e10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6030000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db4 pwszName=\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: 
supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc0 pwszName=\Device\HarddiskVolume3\Windows\System32\propsys.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C32CA584C662CDEB3E782255E761116DDE1DBD3 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\propsys.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbcc0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbb90000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\System32\MMDevApi.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\SETUPAPI.dll' f6c.13fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll f6c.13fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.13fc: 
supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\Windows\system32\CFGMGR32.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e14 pwszName=\Device\HarddiskVolume3\Windows\System32\powrprof.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\powrprof.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef7150000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefb320000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\System32\dsound.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\System32\dsound.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 
pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\SHLWAPI.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\system32\MMDEVAPI.DLL' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll' f6c.d54: supR3HardenedIsApiSetDll: '' -> true f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program 
Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll' f6c.d54: supR3HardenedIsApiSetDll: '' -> true f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde60000 'C:\Windows\system32\RPCRT4.dll' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\system32\MMDevAPI.DLL' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e20 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=103A71CA09BB9A4F234C7136EEDBC1E4926C293C f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'. f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume3\Windows\System32\avrt.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\avrt.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume3\Windows\System32\ksuser.dll f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856 f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ksuser.dll' f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef6f50000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll f6c.d54: supR3HardenedDllNotificationCallback: load 0000000074190000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: 
cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefb310000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0] f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv' f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling] f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv' f6c.d54: 
supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e78 pwszName=\Device\HarddiskVolume3\Windows\System32\AudioSes.dll
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7CD903FCBEF1C4CEA76A8749243ABDBC9CB53290
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\AudioSes.dll'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef6320000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6320000 'C:\Windows\system32\AUDIOSES.DLL'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e58 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e84 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.dll
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.dll'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef6310000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef5f90000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef5f80000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.dll'
f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff490000 'C:\Windows\system32\MSCTF.dll'
f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.DLL'
f6c.12a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
f6c.12a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed6c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.12a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
f6c.12a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
f6c.750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
f6c.750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6320000 'C:\Windows\System32\audioses.dll'
f6c.b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
f6c.b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb310000 'C:\Windows\system32\avrt.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'