when i go to the place where whonix is installed , i find a profile called logs , which has my logs to the whonix. images:-
[url=http://s30.postimg.org/fmjc3pb9s/logs_1.jpg]http://s30.postimg.org/fmjc3pb9s/logs_1.jpg[/url]
[url=http://s15.postimg.org/s22onj9ru/log_2.jpg]http://s15.postimg.org/s22onj9ru/log_2.jpg[/url]
the two readable text files contains:-
1- Vbox:-
VirtualBox VM 4.3.26 r98988 win.amd64 (Mar 16 2015 17:35:35) release log
00:00:01.542761 Log opened 2015-04-29T10:48:47.816301200Z
00:00:01.542761 Build Type: release
00:00:01.542764 OS Product: Windows 8.1
00:00:01.542765 OS Release: 6.3.9600
00:00:01.542765 OS Service Pack:
00:00:01.615346 DMI Product Name: N550JK
00:00:01.617420 DMI Product Version: 1.0
00:00:01.617425 Host RAM: 8075MB total, 6456MB available
00:00:01.617427 Executable: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
00:00:01.617428 Process ID: 4696
00:00:01.617428 Package type: WINDOWS_64BITS_GENERIC
00:00:01.625885 Installed Extension Packs:
00:00:01.625921 None installed!
00:00:01.629449 UIMediumEnumerator: Medium-enumeration finished!
00:00:01.730139 SUP: Opened VMMR0.r0 (C:\Program Files\Oracle\VirtualBox\VMMR0.r0) at 0xfffff8010e800000.
00:00:01.730152 SUP: windbg> .reload /f C:\Program Files\Oracle\VirtualBox\VMMR0.r0=0xfffff8010e800000
00:00:01.733194 Guest OS type: 'Debian'
00:00:01.735646 fHMForced=true - 64-bit guest
00:00:01.743669 File system of 'D:\Whonix-Workstation 10\Snapshots' (snapshots) is unknown
00:00:01.743679 File system of 'D:\Whonix-Workstation 10\Whonix-Workstation-10.0.0.5.5-disk1.vmdk' is ntfs
00:00:01.777463 Shared clipboard mode: Off
00:00:01.790264 Drag'n'drop mode: Off
00:00:01.817132 ************************* CFGM dump *************************
00:00:01.817134 [/] (level 0)
00:00:01.817136 CSAMEnabled <integer> = 0x0000000000000001 (1)
00:00:01.817138 CpuExecutionCap <integer> = 0x0000000000000064 (100)
00:00:01.817139 EnablePAE <integer> = 0x0000000000000001 (1)
00:00:01.817140 HMEnabled <integer> = 0x0000000000000001 (1)
00:00:01.817141 MemBalloonSize <integer> = 0x0000000000000000 (0)
00:00:01.817142 Name <string> = "Whonix-Workstation 10" (cb=22)
00:00:01.817143 NumCPUs <integer> = 0x0000000000000001 (1)
00:00:01.817143 PATMEnabled <integer> = 0x0000000000000001 (1)
00:00:01.817144 PageFusion <integer> = 0x0000000000000000 (0)
00:00:01.817145 RamHoleSize <integer> = 0x0000000020000000 (536 870 912, 512 MB)
00:00:01.817146 RamSize <integer> = 0x0000000030000000 (805 306 368, 768 MB)
00:00:01.817148 RawR0Enabled <integer> = 0x0000000000000001 (1)
00:00:01.817148 RawR3Enabled <integer> = 0x0000000000000001 (1)
00:00:01.817149 TimerMillies <integer> = 0x000000000000000a (10)
00:00:01.817150 UUID <bytes> = "db 0b cc f4 e2 2b f7 49 b0 0c d4 ae 59 9b 92 fe" (cb=16)
00:00:01.817152
00:00:01.817152 [/CPUM/] (level 1)
00:00:01.817153 SyntheticCpu <integer> = 0x0000000000000001 (1)
00:00:01.817154
00:00:01.817154 [/DBGF/] (level 1)
00:00:01.817155 Path <string> = "D:\Whonix-Workstation 10/debug/;D:\Whonix-Workstation 10/;C:\Users\TNT BOM BOM/" (cb=80)
00:00:01.817156
00:00:01.817156 [/Devices/] (level 1)
00:00:01.817156
00:00:01.817157 [/Devices/8237A/] (level 2)
00:00:01.817157
00:00:01.817158 [/Devices/8237A/0/] (level 3)
00:00:01.817159 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817160
00:00:01.817160 [/Devices/AudioSniffer/] (level 2)
00:00:01.817161
00:00:01.817161 [/Devices/AudioSniffer/0/] (level 3)
00:00:01.817162
00:00:01.817162 [/Devices/AudioSniffer/0/Config/] (level 4)
00:00:01.817163
00:00:01.817163 [/Devices/AudioSniffer/0/LUN#0/] (level 4)
00:00:01.817164 Driver <string> = "MainAudioSniffer" (cb=17)
00:00:01.817165
00:00:01.817165 [/Devices/AudioSniffer/0/LUN#0/Config/] (level 5)
00:00:01.817166 Object <integer> = 0x0000000003d98980 (64 588 160)
00:00:01.817167
00:00:01.817167 [/Devices/VMMDev/] (level 2)
00:00:01.817168
00:00:01.817168 [/Devices/VMMDev/0/] (level 3)
00:00:01.817169 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817170 PCIDeviceNo <integer> = 0x0000000000000004 (4)
00:00:01.817171 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817171 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817172
00:00:01.817172 [/Devices/VMMDev/0/Config/] (level 4)
00:00:01.817173 GetHostTimeDisabled <integer> = 0x0000000000000001 (1)
00:00:01.817173 GuestCoreDumpDir <string> = "D:\Whonix-Workstation 10\Snapshots" (cb=35)
00:00:01.817174 RamSize <integer> = 0x0000000030000000 (805 306 368, 768 MB)
00:00:01.817176
00:00:01.817176 [/Devices/VMMDev/0/LUN#0/] (level 4)
00:00:01.817177 Driver <string> = "HGCM" (cb=5)
00:00:01.817177
00:00:01.817178 [/Devices/VMMDev/0/LUN#0/Config/] (level 5)
00:00:01.817179 Object <integer> = 0x0000000004bd8910 (79 530 256)
00:00:01.817180
00:00:01.817180 [/Devices/VMMDev/0/LUN#999/] (level 4)
00:00:01.817181 Driver <string> = "MainStatus" (cb=11)
00:00:01.817181
00:00:01.817182 [/Devices/VMMDev/0/LUN#999/Config/] (level 5)
00:00:01.817183 First <integer> = 0x0000000000000000 (0)
00:00:01.817183 Last <integer> = 0x0000000000000000 (0)
00:00:01.817184 papLeds <integer> = 0x0000000003ddb8a8 (64 862 376)
00:00:01.817185
00:00:01.817185 [/Devices/acpi/] (level 2)
00:00:01.817186
00:00:01.817186 [/Devices/acpi/0/] (level 3)
00:00:01.817187 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817188 PCIDeviceNo <integer> = 0x0000000000000007 (7)
00:00:01.817188 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817189 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817189
00:00:01.817190 [/Devices/acpi/0/Config/] (level 4)
00:00:01.817190 CpuHotPlug <integer> = 0x0000000000000000 (0)
00:00:01.817191 FdcEnabled <integer> = 0x0000000000000000 (0)
00:00:01.817192 HostBusPciAddress <integer> = 0x0000000000000000 (0)
00:00:01.817192 HpetEnabled <integer> = 0x0000000000000000 (0)
00:00:01.817193 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:01.817193 IocPciAddress <integer> = 0x0000000000010000 (65 536)
00:00:01.817194 NumCPUs <integer> = 0x0000000000000001 (1)
00:00:01.817195 RamHoleSize <integer> = 0x0000000020000000 (536 870 912, 512 MB)
00:00:01.817196 RamSize <integer> = 0x0000000030000000 (805 306 368, 768 MB)
00:00:01.817197 Serial0IoPortBase <integer> = 0x0000000000000000 (0)
00:00:01.817198 Serial0Irq <integer> = 0x0000000000000000 (0)
00:00:01.817198 Serial1IoPortBase <integer> = 0x0000000000000000 (0)
00:00:01.817199 Serial1Irq <integer> = 0x0000000000000000 (0)
00:00:01.817199 ShowCpu <integer> = 0x0000000000000001 (1)
00:00:01.817200 ShowRtc <integer> = 0x0000000000000000 (0)
00:00:01.817201 SmcEnabled <integer> = 0x0000000000000000 (0)
00:00:01.817201
00:00:01.817201 [/Devices/acpi/0/LUN#0/] (level 4)
00:00:01.817202 Driver <string> = "ACPIHost" (cb=9)
00:00:01.817203
00:00:01.817203 [/Devices/acpi/0/LUN#0/Config/] (level 5)
00:00:01.817204
00:00:01.817204 [/Devices/ahci/] (level 2)
00:00:01.817205
00:00:01.817205 [/Devices/ahci/0/] (level 3)
00:00:01.817206 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817207 PCIDeviceNo <integer> = 0x000000000000000d (13)
00:00:01.817207 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817208 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817208
00:00:01.817209 [/Devices/ahci/0/Config/] (level 4)
00:00:01.817210 Bootable <integer> = 0x0000000000000001 (1)
00:00:01.817210 PortCount <integer> = 0x0000000000000004 (4)
00:00:01.817211
00:00:01.817211 [/Devices/ahci/0/Config/Port1/] (level 5)
00:00:01.817212 Hotpluggable <integer> = 0x0000000000000000 (0)
00:00:01.817213 NonRotationalMedium <integer> = 0x0000000000000000 (0)
00:00:01.817213
00:00:01.817213 [/Devices/ahci/0/LUN#1/] (level 4)
00:00:01.817214 Driver <string> = "Block" (cb=6)
00:00:01.817215
00:00:01.817215 [/Devices/ahci/0/LUN#1/Config/] (level 5)
00:00:01.817216 Mountable <integer> = 0x0000000000000001 (1)
00:00:01.817217 Type <string> = "DVD" (cb=4)
00:00:01.817217
00:00:01.817218 [/Devices/ahci/0/LUN#999/] (level 4)
00:00:01.817218 Driver <string> = "MainStatus" (cb=11)
00:00:01.817219
00:00:01.817219 [/Devices/ahci/0/LUN#999/Config/] (level 5)
00:00:01.817220 DeviceInstance <string> = "ahci/0" (cb=7)
00:00:01.817221 First <integer> = 0x0000000000000000 (0)
00:00:01.817222 Last <integer> = 0x0000000000000003 (3)
00:00:01.817222 pConsole <integer> = 0x0000000003ddb290 (64 860 816)
00:00:01.817223 papLeds <integer> = 0x0000000003ddb5d8 (64 861 656)
00:00:01.817224 pmapMediumAttachments <integer> = 0x0000000003ddb8c0 (64 862 400)
00:00:01.817225
00:00:01.817225 [/Devices/apic/] (level 2)
00:00:01.817226
00:00:01.817226 [/Devices/apic/0/] (level 3)
00:00:01.817227 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817228
00:00:01.817228 [/Devices/apic/0/Config/] (level 4)
00:00:01.817229 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:01.817230 NumCPUs <integer> = 0x0000000000000001 (1)
00:00:01.817230
00:00:01.817230 [/Devices/e1000/] (level 2)
00:00:01.817231
00:00:01.817231 [/Devices/i8254/] (level 2)
00:00:01.817232
00:00:01.817232 [/Devices/i8254/0/] (level 3)
00:00:01.817233
00:00:01.817233 [/Devices/i8254/0/Config/] (level 4)
00:00:01.817234
00:00:01.817234 [/Devices/i8259/] (level 2)
00:00:01.817235
00:00:01.817235 [/Devices/i8259/0/] (level 3)
00:00:01.817236 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817237
00:00:01.817237 [/Devices/i8259/0/Config/] (level 4)
00:00:01.817238
00:00:01.817238 [/Devices/ichac97/] (level 2)
00:00:01.817239
00:00:01.817239 [/Devices/ichac97/0/] (level 3)
00:00:01.817240 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817241 PCIDeviceNo <integer> = 0x0000000000000005 (5)
00:00:01.817241 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817242 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817242
00:00:01.817242 [/Devices/ichac97/0/Config/] (level 4)
00:00:01.817243
00:00:01.817244 [/Devices/ichac97/0/LUN#0/] (level 4)
00:00:01.817244 Driver <string> = "AUDIO" (cb=6)
00:00:01.817245
00:00:01.817245 [/Devices/ichac97/0/LUN#0/Config/] (level 5)
00:00:01.817246 AudioDriver <string> = "dsound" (cb=7)
00:00:01.817247 StreamName <string> = "Whonix-Workstation 10" (cb=22)
00:00:01.817247
00:00:01.817248 [/Devices/ioapic/] (level 2)
00:00:01.817249
00:00:01.817249 [/Devices/ioapic/0/] (level 3)
00:00:01.817250 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817250
00:00:01.817250 [/Devices/ioapic/0/Config/] (level 4)
00:00:01.817251 NumCPUs <integer> = 0x0000000000000001 (1)
00:00:01.817252
00:00:01.817252 [/Devices/lsilogicsas/] (level 2)
00:00:01.817253
00:00:01.817253 [/Devices/lsilogicsas/0/] (level 3)
00:00:01.817254 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817255 PCIDeviceNo <integer> = 0x0000000000000016 (22)
00:00:01.817256 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817256 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817257
00:00:01.817257 [/Devices/lsilogicsas/0/Config/] (level 4)
00:00:01.817258 Bootable <integer> = 0x0000000000000001 (1)
00:00:01.817259 ControllerType <string> = "SAS1068" (cb=8)
00:00:01.817259 NumPorts <integer> = 0x0000000000000008 (8)
00:00:01.817260
00:00:01.817260 [/Devices/lsilogicsas/0/Config/Port0/] (level 5)
00:00:01.817261 Hotpluggable <integer> = 0x0000000000000000 (0)
00:00:01.817262
00:00:01.817262 [/Devices/lsilogicsas/0/LUN#0/] (level 4)
00:00:01.817263 Driver <string> = "SCSI" (cb=5)
00:00:01.817263
00:00:01.817263 [/Devices/lsilogicsas/0/LUN#0/AttachedDriver/] (level 5)
00:00:01.817264 Driver <string> = "Block" (cb=6)
00:00:01.817265
00:00:01.817265 [/Devices/lsilogicsas/0/LUN#0/AttachedDriver/AttachedDriver/] (level 6)
00:00:01.817267 Driver <string> = "VD" (cb=3)
00:00:01.817267
00:00:01.817267 [/Devices/lsilogicsas/0/LUN#0/AttachedDriver/AttachedDriver/Config/] (level 7)
00:00:01.817269 BlockCache <integer> = 0x0000000000000001 (1)
00:00:01.817269 Format <string> = "VMDK" (cb=5)
00:00:01.817270 Path <string> = "D:\Whonix-Workstation 10\Whonix-Workstation-10.0.0.5.5-disk1.vmdk" (cb=66)
00:00:01.817271 Type <string> = "HardDisk" (cb=9)
00:00:01.817271 UseNewIo <integer> = 0x0000000000000001 (1)
00:00:01.817272
00:00:01.817272 [/Devices/lsilogicsas/0/LUN#0/AttachedDriver/Config/] (level 6)
00:00:01.817274 Mountable <integer> = 0x0000000000000000 (0)
00:00:01.817274 Type <string> = "HardDisk" (cb=9)
00:00:01.817275
00:00:01.817275 [/Devices/lsilogicsas/0/LUN#0/Config/] (level 5)
00:00:01.817276 NonRotationalMedium <integer> = 0x0000000000000000 (0)
00:00:01.817276
00:00:01.817277 [/Devices/lsilogicsas/0/LUN#999/] (level 4)
00:00:01.817278 Driver <string> = "MainStatus" (cb=11)
00:00:01.817278
00:00:01.817278 [/Devices/lsilogicsas/0/LUN#999/Config/] (level 5)
00:00:01.817279 DeviceInstance <string> = "lsilogicsas/0" (cb=14)
00:00:01.817280 First <integer> = 0x0000000000000000 (0)
00:00:01.817281 Last <integer> = 0x0000000000000007 (7)
00:00:01.817282 pConsole <integer> = 0x0000000003ddb290 (64 860 816)
00:00:01.817282 papLeds <integer> = 0x0000000003ddb748 (64 862 024)
00:00:01.817283 pmapMediumAttachments <integer> = 0x0000000003ddb8c0 (64 862 400)
00:00:01.817284
00:00:01.817284 [/Devices/mc146818/] (level 2)
00:00:01.817285
00:00:01.817285 [/Devices/mc146818/0/] (level 3)
00:00:01.817286
00:00:01.817286 [/Devices/mc146818/0/Config/] (level 4)
00:00:01.817287 UseUTC <integer> = 0x0000000000000001 (1)
00:00:01.817288
00:00:01.817288 [/Devices/parallel/] (level 2)
00:00:01.817289
00:00:01.817289 [/Devices/pcarch/] (level 2)
00:00:01.817295
00:00:01.817295 [/Devices/pcarch/0/] (level 3)
00:00:01.817296 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817297
00:00:01.817297 [/Devices/pcarch/0/Config/] (level 4)
00:00:01.817298
00:00:01.817298 [/Devices/pcbios/] (level 2)
00:00:01.817299
00:00:01.817299 [/Devices/pcbios/0/] (level 3)
00:00:01.817300 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817300
00:00:01.817301 [/Devices/pcbios/0/Config/] (level 4)
00:00:01.817302 BootDevice0 <string> = "FLOPPY" (cb=7)
00:00:01.817303 BootDevice1 <string> = "DVD" (cb=4)
00:00:01.817304 BootDevice2 <string> = "IDE" (cb=4)
00:00:01.817304 BootDevice3 <string> = "NONE" (cb=5)
00:00:01.817305 FloppyDevice <string> = "i82078" (cb=7)
00:00:01.817305 HardDiskDevice <string> = "piix3ide" (cb=9)
00:00:01.817306 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:01.817307 McfgBase <integer> = 0x0000000000000000 (0)
00:00:01.817307 McfgLength <integer> = 0x0000000000000000 (0)
00:00:01.817308 NumCPUs <integer> = 0x0000000000000001 (1)
00:00:01.817309 PXEDebug <integer> = 0x0000000000000000 (0)
00:00:01.817309 RamHoleSize <integer> = 0x0000000020000000 (536 870 912, 512 MB)
00:00:01.817310 RamSize <integer> = 0x0000000030000000 (805 306 368, 768 MB)
00:00:01.817312 SataHardDiskDevice <string> = "ahci" (cb=5)
00:00:01.817312 ScsiHardDiskDevice <string> = "lsilogicsas" (cb=12)
00:00:01.817313 ScsiLUN1 <integer> = 0x0000000000000000 (0)
00:00:01.817314 UUID <bytes> = "db 0b cc f4 e2 2b f7 49 b0 0c d4 ae 59 9b 92 fe" (cb=16)
00:00:01.817315
00:00:01.817316 [/Devices/pcbios/0/Config/NetBoot/] (level 5)
00:00:01.817316
00:00:01.817317 [/Devices/pcbios/0/Config/NetBoot/0/] (level 6)
00:00:01.817318 NIC <integer> = 0x0000000000000000 (0)
00:00:01.817319 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817319 PCIDeviceNo <integer> = 0x0000000000000003 (3)
00:00:01.817320 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817320
00:00:01.817320 [/Devices/pci/] (level 2)
00:00:01.817321
00:00:01.817321 [/Devices/pci/0/] (level 3)
00:00:01.817322 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817323
00:00:01.817323 [/Devices/pci/0/Config/] (level 4)
00:00:01.817324 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:01.817324
00:00:01.817325 [/Devices/pckbd/] (level 2)
00:00:01.817325
00:00:01.817325 [/Devices/pckbd/0/] (level 3)
00:00:01.817326 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817327
00:00:01.817327 [/Devices/pckbd/0/Config/] (level 4)
00:00:01.817328
00:00:01.817328 [/Devices/pckbd/0/LUN#0/] (level 4)
00:00:01.817329 Driver <string> = "KeyboardQueue" (cb=14)
00:00:01.817330
00:00:01.817330 [/Devices/pckbd/0/LUN#0/AttachedDriver/] (level 5)
00:00:01.817331 Driver <string> = "MainKeyboard" (cb=13)
00:00:01.817331
00:00:01.817332 [/Devices/pckbd/0/LUN#0/AttachedDriver/Config/] (level 6)
00:00:01.817333 Object <integer> = 0x0000000003cbdaf0 (63 691 504)
00:00:01.817333
00:00:01.817334 [/Devices/pckbd/0/LUN#0/Config/] (level 5)
00:00:01.817335 QueueSize <integer> = 0x0000000000000040 (64)
00:00:01.817335
00:00:01.817336 [/Devices/pckbd/0/LUN#1/] (level 4)
00:00:01.817336 Driver <string> = "MouseQueue" (cb=11)
00:00:01.817337
00:00:01.817337 [/Devices/pckbd/0/LUN#1/AttachedDriver/] (level 5)
00:00:01.817338 Driver <string> = "MainMouse" (cb=10)
00:00:01.817339
00:00:01.817339 [/Devices/pckbd/0/LUN#1/AttachedDriver/Config/] (level 6)
00:00:01.817340 Object <integer> = 0x0000000003d0f290 (64 025 232)
00:00:01.817341
00:00:01.817341 [/Devices/pckbd/0/LUN#1/Config/] (level 5)
00:00:01.817342 QueueSize <integer> = 0x0000000000000080 (128)
00:00:01.817343
00:00:01.817343 [/Devices/pcnet/] (level 2)
00:00:01.817343
00:00:01.817344 [/Devices/pcnet/0/] (level 3)
00:00:01.817345 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817345 PCIDeviceNo <integer> = 0x0000000000000003 (3)
00:00:01.817346 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817346 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817347
00:00:01.817347 [/Devices/pcnet/0/Config/] (level 4)
00:00:01.817348 Am79C973 <integer> = 0x0000000000000001 (1)
00:00:01.817349 CableConnected <integer> = 0x0000000000000001 (1)
00:00:01.817349 LineSpeed <integer> = 0x0000000000000000 (0)
00:00:01.817350 MAC <bytes> = "08 00 27 11 4d b1" (cb=6)
00:00:01.817351
00:00:01.817351 [/Devices/pcnet/0/LUN#0/] (level 4)
00:00:01.817352 Driver <string> = "IntNet" (cb=7)
00:00:01.817352
00:00:01.817353 [/Devices/pcnet/0/LUN#0/Config/] (level 5)
00:00:01.817354 IfPolicyPromisc <string> = "deny" (cb=5)
00:00:01.817354 Network <string> = "Whonix" (cb=7)
00:00:01.817355 TrunkType <integer> = 0x0000000000000002 (2)
00:00:01.817355
00:00:01.817356 [/Devices/pcnet/0/LUN#999/] (level 4)
00:00:01.817356 Driver <string> = "MainStatus" (cb=11)
00:00:01.817357
00:00:01.817357 [/Devices/pcnet/0/LUN#999/Config/] (level 5)
00:00:01.817358 First <integer> = 0x0000000000000000 (0)
00:00:01.817359 Last <integer> = 0x0000000000000000 (0)
00:00:01.817359 papLeds <integer> = 0x0000000003ddb788 (64 862 088)
00:00:01.817360
00:00:01.817360 [/Devices/serial/] (level 2)
00:00:01.817361
00:00:01.817361 [/Devices/vga/] (level 2)
00:00:01.817362
00:00:01.817362 [/Devices/vga/0/] (level 3)
00:00:01.817363 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:01.817363 PCIDeviceNo <integer> = 0x0000000000000002 (2)
00:00:01.817364 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:01.817364 Trusted <integer> = 0x0000000000000001 (1)
00:00:01.817365
00:00:01.817365 [/Devices/vga/0/Config/] (level 4)
00:00:01.817366 CustomVideoModes <integer> = 0x0000000000000000 (0)
00:00:01.817367 FadeIn <integer> = 0x0000000000000001 (1)
00:00:01.817367 FadeOut <integer> = 0x0000000000000001 (1)
00:00:01.817368 HeightReduction <integer> = 0x0000000000000000 (0)
00:00:01.817368 LogoFile <string> = "" (cb=1)
00:00:01.817369 LogoTime <integer> = 0x0000000000000000 (0)
00:00:01.817370 MonitorCount <integer> = 0x0000000000000001 (1)
00:00:01.817370 ShowBootMenu <integer> = 0x0000000000000002 (2)
00:00:01.817371 VRamSize <integer> = 0x0000000008000000 (134 217 728, 128 MB)
00:00:01.817372
00:00:01.817372 [/Devices/vga/0/LUN#0/] (level 4)
00:00:01.817373 Driver <string> = "MainDisplay" (cb=12)
00:00:01.817374
00:00:01.817374 [/Devices/vga/0/LUN#0/Config/] (level 5)
00:00:01.817375 Object <integer> = 0x0000000003df7080 (64 974 976)
00:00:01.817376
00:00:01.817376 [/Devices/virtio-net/] (level 2)
00:00:01.817377
00:00:01.817377 [/EM/] (level 1)
00:00:01.817377 TripleFaultReset <integer> = 0x0000000000000000 (0)
00:00:01.817378
00:00:01.817378 [/HM/] (level 1)
00:00:01.817379 64bitEnabled <integer> = 0x0000000000000001 (1)
00:00:01.817380 EnableLargePages <integer> = 0x0000000000000000 (0)
00:00:01.817381 EnableNestedPaging <integer> = 0x0000000000000001 (1)
00:00:01.817381 EnableUX <integer> = 0x0000000000000001 (1)
00:00:01.817382 EnableVPID <integer> = 0x0000000000000001 (1)
00:00:01.817383 Exclusive <integer> = 0x0000000000000000 (0)
00:00:01.817384 HMForced <integer> = 0x0000000000000001 (1)
00:00:01.817384
00:00:01.817384 [/MM/] (level 1)
00:00:01.817385 CanUseLargerHeap <integer> = 0x0000000000000000 (0)
00:00:01.817386
00:00:01.817386 [/PDM/] (level 1)
00:00:01.817387
00:00:01.817387 [/PDM/AsyncCompletion/] (level 2)
00:00:01.817388
00:00:01.817388 [/PDM/AsyncCompletion/File/] (level 3)
00:00:01.817389
00:00:01.817389 [/PDM/AsyncCompletion/File/BwGroups/] (level 4)
00:00:01.817390
00:00:01.817390 [/PDM/BlkCache/] (level 2)
00:00:01.817391 CacheSize <integer> = 0x0000000000500000 (5 242 880, 5 MB)
00:00:01.817392
00:00:01.817392 [/PDM/Devices/] (level 2)
00:00:01.817393
00:00:01.817393 [/PDM/Drivers/] (level 2)
00:00:01.817393
00:00:01.817394 [/PDM/Drivers/VBoxC/] (level 3)
00:00:01.817394 Path <string> = "VBoxC" (cb=6)
00:00:01.817395
00:00:01.817395 [/PDM/NetworkShaper/] (level 2)
00:00:01.817396
00:00:01.817396 [/PDM/NetworkShaper/BwGroups/] (level 3)
00:00:01.817397
00:00:01.817397 [/TM/] (level 1)
00:00:01.817398 UTCOffset <integer> = 0x0000000000000000 (0)
00:00:01.817399
00:00:01.817399 ********************* End of CFGM dump **********************
00:00:01.817405 VM: fHMEnabled=true (configured) fRecompileUser=false fRecompileSupervisor=false
00:00:01.817407 VM: fRawRing1Enabled=false CSAM=true PATM=true
00:00:01.817505 HMR3Init: VT-x w/ nested paging
00:00:01.817552 MM: cbHyperHeap=0x100000 (1048576)
00:00:01.821034 CPUM: Matched host CPU INTEL 0x6/0x3c/0x3 Intel_Core7_Haswell with CPU DB entry 'Intel Core i5-3570' (INTEL 0x6/0x3a/0x9 Intel_Core7_IvyBridge).
00:00:01.821070 PortableCpuId: pStdFeatureLeaf->uEcx[SSSE3]: 1 -> 0
00:00:01.821074 PortableCpuId: pStdFeatureLeaf->uEcx[SSE3]: 1 -> 0
00:00:01.821077 PortableCpuId: pExtFeatureLeaf->uEdx[RDTSCP]: 1 -> 0
00:00:01.821101 CPUM: SetGuestCpuIdFeature: Enabled PAE
00:00:01.822712 Debug: HCPhysInterPD=00000000c8bf2000 HCPhysInterPaePDPT=00000000c8bef000 HCPhysInterPaePML4=00000000c8bed000
00:00:01.822721 Debug: apInterPTs={00000000c8bf1000,00000000c8bf0000} apInterPaePTs={000000011d57f000,000000015ce00000} apInterPaePDs={0000000135d01000,000000000e802000,0000000056783000,000000016b584000} pInterPaePDPT64=00000000c8bee000
00:00:01.822727 Host paging mode: AMD64+PGE+NX
00:00:01.822732 PGMPool: cMaxPages=416 (u64MaxPages=416)
00:00:01.822736 pgmR3PoolInit: cMaxPages=0x1a0 cMaxUsers=0x340 cMaxPhysExts=0x340 fCacheEnable=true
00:00:01.830355 TM: GIP - u32Mode=1 (SyncTSC) u32UpdateHz=92
00:00:01.862906 TM: cTSCTicksPerSecond=0x94b241fe (2 494 710 270) fTSCVirtualized=true fTSCUseRealTSC=false
00:00:01.862919 TM: fMaybeUseOffsettedHostTSC=true TSCTiedToExecution=false TSCNotTiedToHalt=false
00:00:01.863402 CoreCode: R3=00000000082b0000 R0=ffffd00028df5000 RC=a044e000 Phys=00000000c8b90000 cb=0x1000
00:00:01.863551 AIOMgr: Default manager type is "Async"
00:00:01.863557 AIOMgr: Default file backend is "NonBuffered"
00:00:01.863752 BlkCache: Cache successfully initialised. Cache size is 5242880 bytes
00:00:01.863762 BlkCache: Cache commit interval is 10000 ms
00:00:01.863765 BlkCache: Cache commit threshold is 2621440 bytes
00:00:02.105934 [SMP] BIOS with 1 CPUs
00:00:02.120967 SUP: Opened VBoxDDR0.r0 (C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0) at 0xfffff8010e910000.
00:00:02.120978 SUP: windbg> .reload /f C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0=0xfffff8010e910000
00:00:02.133508 SUP: Opened VBoxDD2R0.r0 (C:\Program Files\Oracle\VirtualBox\VBoxDD2R0.r0) at 0xfffff8010e939000.
00:00:02.133517 SUP: windbg> .reload /f C:\Program Files\Oracle\VirtualBox\VBoxDD2R0.r0=0xfffff8010e939000
00:00:02.133543 Activating Local APIC
00:00:02.133547 CPUM: SetGuestCpuIdFeature: Enabled APIC
00:00:02.133911 PIT: mode=3 count=0x10000 (65536) - 18.20 Hz (ch=0)
00:00:02.148426 Shared Folders service loaded.
00:00:02.181762 Port0: no driver attached
00:00:02.181787 DrvBlock: Flushes will be ignored
00:00:02.181791 DrvBlock: Async flushes will be passed to the disk
00:00:02.181799 AHCI LUN#1: CD/DVD, total number of sectors 0, passthrough disabled
00:00:02.181805 AHCI: LUN#1: using normal I/O
00:00:02.181931 Port2: no driver attached
00:00:02.181937 Port3: no driver attached
00:00:02.181953 AHCI#0: Reset the HBA
00:00:02.182073 DrvBlock: Flushes will be ignored
00:00:02.182079 DrvBlock: Async flushes will be passed to the disk
00:00:02.182199 VDInit finished
00:00:02.184245 AIOMgr: Endpoint for file 'D:\Whonix-Workstation 10\Whonix-Workstation-10.0.0.5.5-disk1.vmdk' (flags 000c0723) created successfully
00:00:02.775529 AIOMgr: Preparing flush failed with VERR_NOT_SUPPORTED, disabling async flushes
00:00:02.775591 VD: Opening the disk took 593495695 ns
00:00:02.775639 SCSI#0: using async I/O
00:00:02.775763 IntNet#0: szNetwork={Whonix} enmTrunkType=2 szTrunk={} fFlags=0x8000 cbRecv=325632 cbSend=196608 fIgnoreConnectFailure=false
00:00:02.776078 Audio: Trying driver 'dsound'.
00:00:02.858265 Audio: set_record_source ars=0 als=0 (not implemented)
00:00:03.114003 DevPcBios: SCSI LUN#0 LCHS not provided
00:00:03.117310 PGM: The CPU physical address width is 39 bits
00:00:03.117318 PGMR3InitFinalize: 4 MB PSE mask 0000007fffffffff
00:00:03.136208 VMM: Thread-context hooks unavailable.
00:00:03.136219 HM: Using VT-x implementation 2.0!
00:00:03.136220 HM: Host CR4 = 0x1506f8
00:00:03.136221 HM: Host EFER = 0xd01
00:00:03.136222 HM: MSR_IA32_FEATURE_CONTROL = 0x5
00:00:03.136222 HM: MSR_IA32_VMX_BASIC_INFO = 0xda040000000012
00:00:03.136223 HM: VMCS id = 0x12
00:00:03.136224 HM: VMCS size = 1024 bytes
00:00:03.136224 HM: VMCS physical address limit = None
00:00:03.136225 HM: VMCS memory type = 0x6
00:00:03.136225 HM: Dual-monitor treatment support = true
00:00:03.136226 HM: OUTS & INS instruction-info = true
00:00:03.136226 HM: Max resume loops = 1024
00:00:03.136227 HM: MSR_IA32_VMX_PINBASED_CTLS = 0x7f00000016
00:00:03.136227 HM: VMX_VMCS_CTRL_PIN_EXEC_EXT_INT_EXIT
00:00:03.136230 HM: VMX_VMCS_CTRL_PIN_EXEC_NMI_EXIT
00:00:03.136230 HM: VMX_VMCS_CTRL_PIN_EXEC_VIRTUAL_NMI
00:00:03.136231 HM: VMX_VMCS_CTRL_PIN_EXEC_PREEMPT_TIMER
00:00:03.136231 HM: MSR_IA32_VMX_PROCBASED_CTLS = 0xfff9fffe0401e172
00:00:03.136232 HM: VMX_VMCS_CTRL_PROC_EXEC_INT_WINDOW_EXIT
00:00:03.136232 HM: VMX_VMCS_CTRL_PROC_EXEC_USE_TSC_OFFSETTING
00:00:03.136233 HM: VMX_VMCS_CTRL_PROC_EXEC_HLT_EXIT
00:00:03.136233 HM: VMX_VMCS_CTRL_PROC_EXEC_INVLPG_EXIT
00:00:03.136233 HM: VMX_VMCS_CTRL_PROC_EXEC_MWAIT_EXIT
00:00:03.136234 HM: VMX_VMCS_CTRL_PROC_EXEC_RDPMC_EXIT
00:00:03.136235 HM: VMX_VMCS_CTRL_PROC_EXEC_RDTSC_EXIT
00:00:03.136235 HM: VMX_VMCS_CTRL_PROC_EXEC_CR3_LOAD_EXIT
00:00:03.136235 HM: VMX_VMCS_CTRL_PROC_EXEC_CR3_LOAD_EXIT (must be set)
00:00:03.136236 HM: VMX_VMCS_CTRL_PROC_EXEC_CR3_STORE_EXIT
00:00:03.136236 HM: VMX_VMCS_CTRL_PROC_EXEC_CR3_STORE_EXIT (must be set)
00:00:03.136236 HM: VMX_VMCS_CTRL_PROC_EXEC_CR8_LOAD_EXIT
00:00:03.136237 HM: VMX_VMCS_CTRL_PROC_EXEC_CR8_STORE_EXIT
00:00:03.136237 HM: VMX_VMCS_CTRL_PROC_EXEC_USE_TPR_SHADOW
00:00:03.136237 HM: VMX_VMCS_CTRL_PROC_EXEC_NMI_WINDOW_EXIT
00:00:03.136238 HM: VMX_VMCS_CTRL_PROC_EXEC_MOV_DR_EXIT
00:00:03.136238 HM: VMX_VMCS_CTRL_PROC_EXEC_UNCOND_IO_EXIT
00:00:03.136238 HM: VMX_VMCS_CTRL_PROC_EXEC_USE_IO_BITMAPS
00:00:03.136239 HM: VMX_VMCS_CTRL_PROC_EXEC_MONITOR_TRAP_FLAG
00:00:03.136239 HM: VMX_VMCS_CTRL_PROC_EXEC_USE_MSR_BITMAPS
00:00:03.136239 HM: VMX_VMCS_CTRL_PROC_EXEC_MONITOR_EXIT
00:00:03.136240 HM: VMX_VMCS_CTRL_PROC_EXEC_PAUSE_EXIT
00:00:03.136241 HM: VMX_VMCS_CTRL_PROC_EXEC_USE_SECONDARY_EXEC_CTRL
00:00:03.136241 HM: MSR_IA32_VMX_PROCBASED_CTLS2 = 0x3cff00000000
00:00:03.136242 HM: VMX_VMCS_CTRL_PROC_EXEC2_VIRT_APIC
00:00:03.136242 HM: VMX_VMCS_CTRL_PROC_EXEC2_EPT
00:00:03.136243 HM: VMX_VMCS_CTRL_PROC_EXEC2_DESCRIPTOR_TABLE_EXIT
00:00:03.136243 HM: VMX_VMCS_CTRL_PROC_EXEC2_RDTSCP
00:00:03.136243 HM: VMX_VMCS_CTRL_PROC_EXEC2_VIRT_X2APIC
00:00:03.136244 HM: VMX_VMCS_CTRL_PROC_EXEC2_VPID
00:00:03.136244 HM: VMX_VMCS_CTRL_PROC_EXEC2_WBINVD_EXIT
00:00:03.136244 HM: VMX_VMCS_CTRL_PROC_EXEC2_UNRESTRICTED_GUEST
00:00:03.136245 HM: VMX_VMCS_CTRL_PROC_EXEC2_PAUSE_LOOP_EXIT
00:00:03.136245 HM: VMX_VMCS_CTRL_PROC_EXEC2_RDRAND_EXIT
00:00:03.136245 HM: VMX_VMCS_CTRL_PROC_EXEC2_INVPCID
00:00:03.136246 HM: VMX_VMCS_CTRL_PROC_EXEC2_VMFUNC
00:00:03.136246 HM: MSR_IA32_VMX_ENTRY_CTLS = 0xffff000011ff
00:00:03.136247 HM: VMX_VMCS_CTRL_ENTRY_LOAD_DEBUG
00:00:03.136247 HM: VMX_VMCS_CTRL_ENTRY_LOAD_DEBUG (must be set)
00:00:03.136247 HM: VMX_VMCS_CTRL_ENTRY_IA32E_MODE_GUEST
00:00:03.136248 HM: VMX_VMCS_CTRL_ENTRY_ENTRY_SMM
00:00:03.136249 HM: VMX_VMCS_CTRL_ENTRY_DEACTIVATE_DUALMON
00:00:03.136249 HM: VMX_VMCS_CTRL_ENTRY_LOAD_GUEST_PERF_MSR
00:00:03.136250 HM: VMX_VMCS_CTRL_ENTRY_LOAD_GUEST_PAT_MSR
00:00:03.136250 HM: VMX_VMCS_CTRL_ENTRY_LOAD_GUEST_EFER_MSR
00:00:03.136250 HM: MSR_IA32_VMX_EXIT_CTLS = 0x7fffff00036dff
00:00:03.136251 HM: VMX_VMCS_CTRL_EXIT_SAVE_DEBUG
00:00:03.136251 HM: VMX_VMCS_CTRL_EXIT_SAVE_DEBUG (must be set)
00:00:03.136252 HM: VMX_VMCS_CTRL_EXIT_HOST_ADDR_SPACE_SIZE
00:00:03.136252 HM: VMX_VMCS_CTRL_EXIT_LOAD_PERF_MSR
00:00:03.136253 HM: VMX_VMCS_CTRL_EXIT_ACK_EXT_INT
00:00:03.136254 HM: VMX_VMCS_CTRL_EXIT_SAVE_GUEST_PAT_MSR
00:00:03.136254 HM: VMX_VMCS_CTRL_EXIT_LOAD_HOST_PAT_MSR
00:00:03.136254 HM: VMX_VMCS_CTRL_EXIT_SAVE_GUEST_EFER_MSR
00:00:03.136255 HM: VMX_VMCS_CTRL_EXIT_LOAD_HOST_EFER_MSR
00:00:03.136255 HM: VMX_VMCS_CTRL_EXIT_SAVE_VMX_PREEMPT_TIMER
00:00:03.136255 HM: MSR_IA32_VMX_EPT_VPID_CAP = 0xf0106334141
00:00:03.136256 HM: MSR_IA32_VMX_EPT_VPID_CAP_RWX_X_ONLY
00:00:03.136256 HM: MSR_IA32_VMX_EPT_VPID_CAP_GAW_48_BITS
00:00:03.136257 HM: MSR_IA32_VMX_EPT_VPID_CAP_EMT_UC
00:00:03.136257 HM: MSR_IA32_VMX_EPT_VPID_CAP_EMT_WB
00:00:03.136257 HM: MSR_IA32_VMX_EPT_VPID_CAP_SP_21_BITS
00:00:03.136258 HM: MSR_IA32_VMX_EPT_VPID_CAP_SP_30_BITS
00:00:03.136258 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVEPT
00:00:03.136258 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVEPT_SINGLE_CONTEXT
00:00:03.136259 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVEPT_ALL_CONTEXTS
00:00:03.136259 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVVPID
00:00:03.136259 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_INDIV_ADDR
00:00:03.136260 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_SINGLE_CONTEXT
00:00:03.136260 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_ALL_CONTEXTS
00:00:03.136260 HM: MSR_IA32_VMX_EPT_VPID_CAP_INVVPID_SINGLE_CONTEXT_RETAIN_GLOBALS
00:00:03.136261 HM: MSR_IA32_VMX_MISC = 0x300481e5
00:00:03.136261 HM: MSR_IA32_VMX_MISC_PREEMPT_TSC_BIT = 0x5
00:00:03.136262 HM: MSR_IA32_VMX_MISC_STORE_EFERLMA_VMEXIT = true
00:00:03.136262 HM: MSR_IA32_VMX_MISC_ACTIVITY_STATES = 0x7
00:00:03.136263 HM: MSR_IA32_VMX_MISC_CR3_TARGET = 0x4
00:00:03.136263 HM: MSR_IA32_VMX_MISC_MAX_MSR = 512
00:00:03.136263 HM: MSR_IA32_VMX_MISC_RDMSR_SMBASE_MSR_SMM = true
00:00:03.136264 HM: MSR_IA32_VMX_MISC_SMM_MONITOR_CTL_B2 = true
00:00:03.136264 HM: MSR_IA32_VMX_MISC_VMWRITE_VMEXIT_INFO = true
00:00:03.136265 HM: MSR_IA32_VMX_MISC_MSEG_ID = 0x0
00:00:03.136265 HM: MSR_IA32_VMX_CR0_FIXED0 = 0x80000021
00:00:03.136266 HM: MSR_IA32_VMX_CR0_FIXED1 = 0xffffffff
00:00:03.136266 HM: MSR_IA32_VMX_CR4_FIXED0 = 0x2000
00:00:03.136267 HM: MSR_IA32_VMX_CR4_FIXED1 = 0x1727ff
00:00:03.136267 HM: MSR_IA32_VMX_VMCS_ENUM = 0x2a
00:00:03.136268 HM: MSR_IA32_VMX_VMCS_ENUM_HIGHEST_INDEX = 0x15
00:00:03.136269 HM: MSR_A32_VMX_VMFUNC = 0x1
00:00:03.136269 HM: VMX_VMCS_CTRL_VMFUNC_EPTP_SWITCHING
00:00:03.136270 HM: APIC-access page physaddr = 0x00000000c8b8d000
00:00:03.136270 HM: VCPU 0: MSR bitmap physaddr = 0x00000000c8b89000
00:00:03.136271 HM: VCPU 0: VMCS physaddr = 0x00000000c8b8c000
00:00:03.136272 HM: Guest support: 32-bit and 64-bit.
00:00:03.136275 HM: Supports VMCS EFER fields = true
00:00:03.136276 HM: VMX enabled!
00:00:03.136282 CPUM: SetGuestCpuIdFeature: Enabled SYSENTER/EXIT
00:00:03.136283 CPUM: SetGuestCpuIdFeature: Enabled PAE
00:00:03.136283 CPUM: SetGuestCpuIdFeature: Enabled LONG MODE
00:00:03.136283 CPUM: SetGuestCpuIdFeature: Enabled SYSCALL/RET
00:00:03.136284 CPUM: SetGuestCpuIdFeature: Enabled LAHF/SAHF
00:00:03.136284 CPUM: SetGuestCpuIdFeature: Enabled NX
00:00:03.136284 HM: Nested paging enabled!
00:00:03.136285 HM: EPT flush type = VMX_FLUSH_EPT_SINGLE_CONTEXT
00:00:03.136285 HM: Unrestricted guest execution enabled!
00:00:03.136286 HM: VPID enabled!
00:00:03.136286 HM: VPID flush type = VMX_FLUSH_VPID_SINGLE_CONTEXT
00:00:03.136287 HM: VMX-preemption timer enabled (cPreemptTimerShift=5).
00:00:03.136288 HM: VT-x/AMD-V init method: LOCAL
00:00:03.136289 VMM: fUsePeriodicPreemptionTimers=false
00:00:03.136328 Logical host processors: 8 present, 8 max, 8 online, online mask: 00000000000000ff
00:00:03.141463 Physical host cores: 4
00:00:03.141465 ************************* CPUID dump ************************
00:00:03.141474 RAW Standard CPUIDs
00:00:03.141474 Function eax ebx ecx edx
00:00:03.141475 Gst: 00000000 00000005 756e6547 6c65746e 49656e69
00:00:03.141476 Hst: 0000000d 756e6547 6c65746e 49656e69
00:00:03.141477 Gst: 00000001 000306c3 00000800 00000008 078bfbff
00:00:03.141478 Hst: 000306c3 02100800 7ffafbbf bfebfbff
00:00:03.141479 Gst: 00000002 76036301 00f0b5ff 00000000 00c10000
00:00:03.141480 Hst: 76036301 00f0b5ff 00000000 00c10000
00:00:03.141481 Gst: 00000003 00000000 00000000 00000000 00000000
00:00:03.141481 Hst: 00000000 00000000 00000000 00000000
00:00:03.141496 Gst: 00000004 00000000 00000000 00000000 00000000
00:00:03.141497 Hst: 1c004121 01c0003f 0000003f 00000000
00:00:03.141498 Gst: 00000005 00000040 00000040 00000000 00000000
00:00:03.141498 Hst: 00000040 00000040 00000003 00042120
00:00:03.141499 Hst: 00000006 00000077 00000002 00000009 00000000
00:00:03.141500 Hst: 00000007 00000000 000027ab 00000000 00000000
00:00:03.141501 Hst: 00000008 00000000 00000000 00000000 00000000
00:00:03.141501 Hst: 00000009 00000000 00000000 00000000 00000000
00:00:03.141502 Hst: 0000000a 07300403 00000000 00000000 00000603
00:00:03.141503 Hst: 0000000b 00000001 00000002 00000100 00000002
00:00:03.141503 Hst: 0000000c 00000000 00000000 00000000 00000000
00:00:03.141504 Hst: 0000000d 00000007 00000340 00000340 00000000
00:00:03.141505 Name: GenuineIntel
00:00:03.141518 Supports: 0-5
00:00:03.141519 Family: 6 Extended: 0 Effective: 6
00:00:03.141520 Model: 12 Extended: 3 Effective: 60
00:00:03.141520 Stepping: 3
00:00:03.141521 Type: 0 (primary)
00:00:03.141521 APIC ID: 0x00
00:00:03.141522 Logical CPUs: 0
00:00:03.141522 CLFLUSH Size: 8
00:00:03.141522 Brand ID: 0x00
00:00:03.141523 Mnemonic - Description = guest (host)
00:00:03.141523 FPU - x87 FPU on Chip = 1 (1)
00:00:03.141524 VME - Virtual 8086 Mode Enhancements = 1 (1)
00:00:03.141524 DE - Debugging extensions = 1 (1)
00:00:03.141524 PSE - Page Size Extension = 1 (1)
00:00:03.141525 TSC - Time Stamp Counter = 1 (1)
00:00:03.141525 MSR - Model Specific Registers = 1 (1)
00:00:03.141526 PAE - Physical Address Extension = 1 (1)
00:00:03.141526 MCE - Machine Check Exception = 1 (1)
00:00:03.141527 CX8 - CMPXCHG8B instruction = 1 (1)
00:00:03.141527 APIC - APIC On-Chip = 1 (1)
00:00:03.141527 10 - Reserved = 0 (0)
00:00:03.141528 SEP - SYSENTER and SYSEXIT = 1 (1)
00:00:03.141528 MTRR - Memory Type Range Registers = 1 (1)
00:00:03.141529 PGE - PTE Global Bit = 1 (1)
00:00:03.141529 MCA - Machine Check Architecture = 1 (1)
00:00:03.141530 CMOV - Conditional Move Instructions = 1 (1)
00:00:03.141531 PAT - Page Attribute Table = 1 (1)
00:00:03.141531 PSE-36 - 36-bit Page Size Extention = 1 (1)
00:00:03.141531 PSN - Processor Serial Number = 0 (0)
00:00:03.141532 CLFSH - CLFLUSH Instruction. = 1 (1)
00:00:03.141532 20 - Reserved = 0 (0)
00:00:03.141533 DS - Debug Store = 0 (1)
00:00:03.141533 ACPI - Thermal Mon. & Soft. Clock Ctrl.= 0 (1)
00:00:03.141534 MMX - Intel MMX Technology = 1 (1)
00:00:03.141534 FXSR - FXSAVE and FXRSTOR Instructions = 1 (1)
00:00:03.141534 SSE - SSE Support = 1 (1)
00:00:03.141535 SSE2 - SSE2 Support = 1 (1)
00:00:03.141536 SS - Self Snoop = 0 (1)
00:00:03.141536 HTT - Hyper-Threading Technology = 0 (1)
00:00:03.141536 TM - Thermal Monitor = 0 (1)
00:00:03.141537 30 - Reserved = 0 (0)
00:00:03.141537 PBE - Pending Break Enable = 0 (1)
00:00:03.141537 Supports SSE3 = 0 (1)
00:00:03.141538 PCLMULQDQ = 0 (1)
00:00:03.141538 DS Area 64-bit layout = 0 (1)
00:00:03.141539 Supports MONITOR/MWAIT = 1 (1)
00:00:03.141539 CPL-DS - CPL Qualified Debug Store = 0 (1)
00:00:03.141539 VMX - Virtual Machine Technology = 0 (1)
00:00:03.141540 SMX - Safer Mode Extensions = 0 (0)
00:00:03.141540 Enhanced SpeedStep Technology = 0 (1)
00:00:03.141540 Terminal Monitor 2 = 0 (1)
00:00:03.141541 Supplemental SSE3 instructions = 0 (1)
00:00:03.141541 L1 Context ID = 0 (0)
00:00:03.141542 11 - Reserved = 0 (1)
00:00:03.141542 FMA extensions using YMM state = 0 (1)
00:00:03.141542 CMPXCHG16B instruction = 0 (1)
00:00:03.141543 xTPR Update Control = 0 (1)
00:00:03.141543 Perf/Debug Capability MSR = 0 (1)
00:00:03.141543 16 - Reserved = 0 (0)
00:00:03.141544 PCID - Process-context identifiers = 0 (1)
00:00:03.141544 DCA - Direct Cache Access = 0 (0)
00:00:03.141545 SSE4.1 instruction extensions = 0 (1)
00:00:03.141545 SSE4.2 instruction extensions = 0 (1)
00:00:03.141546 Supports the x2APIC extensions = 0 (1)
00:00:03.141547 MOVBE instruction = 0 (1)
00:00:03.141547 POPCNT instruction = 0 (1)
00:00:03.141547 TSC-Deadline LAPIC timer mode = 0 (1)
00:00:03.141548 AESNI instruction extensions = 0 (1)
00:00:03.141548 XSAVE/XRSTOR extended state feature = 0 (1)
00:00:03.141549 Supports OSXSAVE = 0 (1)
00:00:03.141549 AVX instruction extensions = 0 (1)
00:00:03.141549 16-bit floating point conversion instr = 0 (1)
00:00:03.141550 RDRAND instruction = 0 (1)
00:00:03.141550 Hypervisor Present (we're a guest) = 0 (0)
00:00:03.141551
00:00:03.141551 RAW Extended CPUIDs
00:00:03.141551 Function eax ebx ecx edx
00:00:03.141551 Gst: 80000000 80000008 00000000 00000000 00000000
00:00:03.141552 Hst: 80000008 00000000 00000000 00000000
00:00:03.141553 Gst: 80000001 00000000 00000000 00000001 20100800
00:00:03.141554 Hst: 00000000 00000000 00000021 2c100800
00:00:03.141555 Gst: 80000002 65746e49 2952286c 726f4320 4d542865
00:00:03.141570 Hst: 65746e49 2952286c 726f4320 4d542865
00:00:03.141571 Gst: 80000003 37692029 3137342d 20514830 20555043
00:00:03.141572 Hst: 37692029 3137342d 20514830 20555043
00:00:03.141573 Gst: 80000004 2e322040 48473035 0000007a 00000000
00:00:03.141574 Hst: 2e322040 48473035 0000007a 00000000
00:00:03.141575 Gst: 80000005 00000000 00000000 00000000 00000000
00:00:03.141575 Hst: 00000000 00000000 00000000 00000000
00:00:03.141576 Gst: 80000006 00000000 00000000 01006040 00000000
00:00:03.141576 Hst: 00000000 00000000 01006040 00000000
00:00:03.141577 Gst: 80000007 00000000 00000000 00000000 00000000
00:00:03.141578 Hst: 00000000 00000000 00000000 00000100
00:00:03.141592 Gst: 80000008 00003027 00000000 00000000 00000000
00:00:03.141592 Hst: 00003027 00000000 00000000 00000000
00:00:03.141593 Gst: 80000009 00000007 00000340 00000340 00000000*
00:00:03.141594 Hst: 00000007 00000340 00000340 00000000
00:00:03.141594 Ext Name:
00:00:03.141595 Ext Supports: 0x80000000-0x80000008
00:00:03.141595 Family: 0 Extended: 0 Effective: 0
00:00:03.141596 Model: 0 Extended: 0 Effective: 0
00:00:03.141596 Stepping: 0
00:00:03.141597 Brand ID: 0x000
00:00:03.141597 Mnemonic - Description = guest (host)
00:00:03.141598 FPU - x87 FPU on Chip = 0 (0)
00:00:03.141598 VME - Virtual 8086 Mode Enhancements = 0 (0)
00:00:03.141598 DE - Debugging extensions = 0 (0)
00:00:03.141599 PSE - Page Size Extension = 0 (0)
00:00:03.141599 TSC - Time Stamp Counter = 0 (0)
00:00:03.141600 MSR - K86 Model Specific Registers = 0 (0)
00:00:03.141600 PAE - Physical Address Extension = 0 (0)
00:00:03.141600 MCE - Machine Check Exception = 0 (0)
00:00:03.141601 CX8 - CMPXCHG8B instruction = 0 (0)
00:00:03.141601 APIC - APIC On-Chip = 0 (0)
00:00:03.141601 10 - Reserved = 0 (0)
00:00:03.141602 SEP - SYSCALL and SYSRET = 1 (1)
00:00:03.141602 MTRR - Memory Type Range Registers = 0 (0)
00:00:03.141603 PGE - PTE Global Bit = 0 (0)
00:00:03.141603 MCA - Machine Check Architecture = 0 (0)
00:00:03.141603 CMOV - Conditional Move Instructions = 0 (0)
00:00:03.141604 PAT - Page Attribute Table = 0 (0)
00:00:03.141604 PSE-36 - 36-bit Page Size Extention = 0 (0)
00:00:03.141605 18 - Reserved = 0 (0)
00:00:03.141605 19 - Reserved = 0 (0)
00:00:03.141605 NX - No-Execute Page Protection = 1 (1)
00:00:03.141606 DS - Debug Store = 0 (0)
00:00:03.141606 AXMMX - AMD Extensions to MMX Instr. = 0 (0)
00:00:03.141606 MMX - Intel MMX Technology = 0 (0)
00:00:03.141607 FXSR - FXSAVE and FXRSTOR Instructions = 0 (0)
00:00:03.141607 25 - AMD fast FXSAVE and FXRSTOR Instr.= 0 (0)
00:00:03.141608 26 - 1 GB large page support = 0 (1)
00:00:03.141608 27 - RDTSCP instruction = 0 (1)
00:00:03.141608 28 - Reserved = 0 (0)
00:00:03.141609 29 - AMD Long Mode = 1 (1)
00:00:03.141609 30 - AMD Extensions to 3DNow! = 0 (0)
00:00:03.141610 31 - AMD 3DNow! = 0 (0)
00:00:03.141611 LahfSahf - LAHF/SAHF in 64-bit mode = 1 (1)
00:00:03.141611 CmpLegacy - Core MP legacy mode (depr) = 0 (0)
00:00:03.141611 SVM - AMD VM Extensions = 0 (0)
00:00:03.141612 APIC registers starting at 0x400 = 0 (0)
00:00:03.141612 AltMovCR8 - LOCK MOV CR0 means MOV CR8 = 0 (0)
00:00:03.141613 5 - Advanced bit manipulation = 0 (1)
00:00:03.141613 6 - SSE4A instruction support = 0 (0)
00:00:03.141614 7 - Misaligned SSE mode = 0 (0)
00:00:03.141614 8 - PREFETCH and PREFETCHW instruction= 0 (0)
00:00:03.141614 9 - OS visible workaround = 0 (0)
00:00:03.141615 10 - Instruction based sampling = 0 (0)
00:00:03.141615 11 - SSE5 support = 0 (0)
00:00:03.141616 12 - SKINIT, STGI, and DEV support = 0 (0)
00:00:03.141616 13 - Watchdog timer support. = 0 (0)
00:00:03.141616 31:14 - Reserved = 0x0 (0x0)
00:00:03.141617 Full Name: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
00:00:03.141617 TLB 2/4M Instr/Uni: res0 0 entries
00:00:03.141618 TLB 2/4M Data: res0 0 entries
00:00:03.141619 TLB 4K Instr/Uni: res0 0 entries
00:00:03.141619 TLB 4K Data: res0 0 entries
00:00:03.141620 L1 Instr Cache Line Size: 0 bytes
00:00:03.141620 L1 Instr Cache Lines Per Tag: 0
00:00:03.141620 L1 Instr Cache Associativity: res0
00:00:03.141620 L1 Instr Cache Size: 0 KB
00:00:03.141621 L1 Data Cache Line Size: 0 bytes
00:00:03.141621 L1 Data Cache Lines Per Tag: 0
00:00:03.141621 L1 Data Cache Associativity: res0
00:00:03.141622 L1 Data Cache Size: 0 KB
00:00:03.141622 L2 TLB 2/4M Instr/Uni: off 0 entries
00:00:03.141623 L2 TLB 2/4M Data: off 0 entries
00:00:03.141623 L2 TLB 4K Instr/Uni: off 0 entries
00:00:03.141624 L2 TLB 4K Data: off 0 entries
00:00:03.141624 L2 Cache Line Size: 0 bytes
00:00:03.141624 L2 Cache Lines Per Tag: 0
00:00:03.141625 L2 Cache Associativity: off
00:00:03.141625 L2 Cache Size: 0 KB
00:00:03.141625 Host Invariant-TSC support: true
00:00:03.141626 APM Features:
00:00:03.141627 Physical Address Width: 39 bits
00:00:03.141627 Virtual Address Width: 48 bits
00:00:03.141627 Guest Physical Address Width: 0 bits
00:00:03.141628 Physical Core Count: 0
00:00:03.141628
00:00:03.141628 RAW Centaur CPUIDs
00:00:03.141628 Function eax ebx ecx edx
00:00:03.141629 Gst: c0000000 00000007 00000340 00000340 00000000
00:00:03.141644 Hst: 00000007 00000340 00000340 00000000
00:00:03.141645 Gst: c0000001 00000007 00000340 00000340 00000000
00:00:03.141645 Hst: 00000007 00000340 00000340 00000000
00:00:03.141646 Gst: c0000002 00000007 00000340 00000340 00000000
00:00:03.141646 Hst: 00000007 00000340 00000340 00000000
00:00:03.141647 Gst: c0000003 00000007 00000340 00000340 00000000
00:00:03.141648 Hst: 00000007 00000340 00000340 00000000
00:00:03.141648 Centaur Supports: 0xc0000000-0x00000007
00:00:03.141649 Mnemonic - Description = guest (host)
00:00:03.141649 AIS - Alternate Instruction Set = 0 (0)
00:00:03.141650 AIS-E - AIS enabled = 0 (0)
00:00:03.141650 RNG - Random Number Generator = 0 (0)
00:00:03.141650 RNG-E - RNG enabled = 0 (0)
00:00:03.141651 LH - LongHaul MSR 0000_110Ah = 0 (0)
00:00:03.141651 FEMMS - FEMMS = 0 (0)
00:00:03.141651 ACE - Advanced Cryptography Engine = 0 (0)
00:00:03.141652 ACE-E - ACE enabled = 0 (0)
00:00:03.141666 ACE2 - Advanced Cryptography Engine 2 = 0 (0)
00:00:03.141666 ACE2-E - ACE enabled = 0 (0)
00:00:03.141666 PHE - Padlock Hash Engine = 0 (0)
00:00:03.141667 PHE-E - PHE enabled = 0 (0)
00:00:03.141667 PMM - Montgomery Multiplier = 0 (0)
00:00:03.141667 PMM-E - PMM enabled = 0 (0)
00:00:03.141668 14 - Reserved = 0 (0)
00:00:03.141668 15 - Reserved = 0 (0)
00:00:03.141669 Parallax = 0 (0)
00:00:03.141669 Parallax enabled = 0 (0)
00:00:03.141669 Overstress = 0 (0)
00:00:03.141670 Overstress enabled = 0 (0)
00:00:03.141670 TM3 - Temperature Monitoring 3 = 0 (0)
00:00:03.141670 TM3-E - TM3 enabled = 0 (0)
00:00:03.141671 RNG2 - Random Number Generator 2 = 0 (0)
00:00:03.141671 RNG2-E - RNG2 enabled = 0 (0)
00:00:03.141672 24 - Reserved = 0 (0)
00:00:03.141672 PHE2 - Padlock Hash Engine 2 = 0 (0)
00:00:03.141672 PHE2-E - PHE2 enabled = 0 (0)
00:00:03.141673
00:00:03.141673
00:00:03.141673 ******************** End of CPUID dump **********************
00:00:03.159895 VM: Halt method global1 (5)
00:00:03.159906 HaltedGlobal1 config: cNsSpinBlockThresholdCfg=50000
00:00:03.159909 Changing the VM state from 'CREATING' to 'CREATED'.
00:00:03.159997 Changing the VM state from 'CREATED' to 'POWERING_ON'.
00:00:03.162797 AIOMgr: Endpoints without assigned bandwidth groups:
00:00:03.162805 AIOMgr: D:\Whonix-Workstation 10\Whonix-Workstation-10.0.0.5.5-disk1.vmdk
00:00:03.163094 Changing the VM state from 'POWERING_ON' to 'RUNNING'.
00:00:03.165175 Guest Log: BIOS: VirtualBox 4.3.26
00:00:03.165253 PIT: mode=2 count=0x10000 (65536) - 18.20 Hz (ch=0)
00:00:03.180765 AHCI#0: Reset the HBA
00:00:03.180823 AHCI#0: Port 0 reset
00:00:03.180893 AHCI#0: Port 1 reset
00:00:03.181112 AHCI#0: Port 2 reset
00:00:03.181182 AHCI#0: Port 3 reset
00:00:03.181629 Guest Log: BIOS: SCSI 0-ID#0: LCHS=13054/255/63 209715199 sectors
00:00:03.182609 PIT: mode=2 count=0x48d3 (18643) - 64.00 Hz (ch=0)
00:00:03.183298 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:03.183306 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:03.183352 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:03.183364 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:03.414569 2D video acceleration is disabled.
00:00:03.414591 HID LEDs sync is disabled.
00:00:03.414596 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:05.655874 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=720 h=400 bpp=0 cbLine=0x0, flags=0x1
00:00:05.655901 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=720x400, Sending to async-handler..
00:00:05.655962 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=720x400
00:00:05.655974 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:00:05.656797 PIT: mode=2 count=0x10000 (65536) - 18.20 Hz (ch=0)
00:00:05.656990 Guest Log: BIOS: Boot : bseqnr=1, bootseq=0231
00:00:05.657154 Guest Log: BIOS: Boot from Floppy 0 failed
00:00:05.657328 Guest Log: BIOS: Boot : bseqnr=2, bootseq=0023
00:00:05.657926 Guest Log: BIOS: CDROM boot failure code : 0003
00:00:05.658070 Guest Log: BIOS: Boot from CD-ROM failed
00:00:05.658251 Guest Log: BIOS: Boot : bseqnr=3, bootseq=0002
00:00:05.683222 Guest Log: BIOS: Booting from Hard Disk...
00:00:06.091263 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008cbc000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:06.091288 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:06.091350 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:06.091362 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:07.099767 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:07.099791 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:07.099853 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:07.099865 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:08.089131 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008cbc000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:08.089154 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:08.089205 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:08.089217 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:09.102895 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:09.102917 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:09.102968 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:09.102980 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:10.092885 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008cbc000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:10.093094 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:10.093386 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:10.093433 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:11.102164 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:11.102188 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:11.102240 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:11.102252 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:11.383763 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008cbc000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:11.383782 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:11.383840 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:11.383851 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:11.838289 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=480 bpp=32 cbLine=0xA00, flags=0x1
00:00:11.838310 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480, Sending to async-handler..
00:00:11.838363 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x480
00:00:11.838375 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:00:16.099623 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=720 h=400 bpp=0 cbLine=0x0, flags=0x1
00:00:16.099659 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=720x400, Sending to async-handler..
00:00:16.099704 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=720x400
00:00:16.099715 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:00:16.187375 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1024 h=768 bpp=16 cbLine=0x800, flags=0x1
00:00:16.187400 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=16, BytesPerLine=2048, Size=1024x768, Sending to async-handler..
00:00:16.187483 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=16, BytesPerLine=2048, Size=1024x768
00:00:16.187496 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:00:16.246582 PIT: mode=2 count=0x12a5 (4773) - 249.98 Hz (ch=0)
00:00:16.415344 PIT: mode=0 count=0x10000 (65536) - 18.20 Hz (ch=0)
00:00:17.298940 AHCI#0: Reset the HBA
00:00:17.630954 AHCI#0: Port 1 reset
00:00:20.505412 Guest Additions information report: Version 4.1.18 r78361 '4.1.18_Debian'
00:00:20.505456 Guest Additions information report: Interface = 0x00010004 osType = 0x00053000 (32-bit)
00:00:20.505522 Guest Additions capability report: (0x0 -> 0x0) seamless: no, hostWindowMapping: no, graphics: no
00:00:20.505547 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:20.505570 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:20.505583 Guest reported fixed hypervisor window at 000f1000000 (size = 0x800000, rc = VINF_SUCCESS)
00:00:20.505645 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:20.507518 Guest Log: vboxguest: major 0, IRQ 20, I/O port d020, MMIO at 00000000f0400000 (size 0x400000)
00:00:21.888106 Audio: set_record_source ars=0 als=0 (not implemented)
00:00:21.888399 Audio: set_record_source ars=0 als=0 (not implemented)
00:00:21.892167 Audio: set_record_source ars=0 als=0 (not implemented)
00:00:24.666383 PCNet#0: Init: ss32=1 GCRDRA=0x2f2e8000[32] GCTDRA=0x2f2e9000[16]
00:00:35.369182 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:35.375917 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:35.605197 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:35.877774 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:35.877802 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:59.077105 Guest Additions capability report: (0x0 -> 0x4) seamless: no, hostWindowMapping: no, graphics: yes
00:00:59.077248 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 1920x929
00:00:59.077395 VMMDev::SetVideoModeHint: got a video mode hint (1920x929x0)@(0x0),(1;0) at 0
00:00:59.192515 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:59.195376 UIMediumEnumerator: Machine (or snapshot) event received, ID = f4cc0bdb-2be2-49f7-b00c-d4ae599b92fe
00:00:59.195411 UIMediumEnumerator: Old usage: 3d6d5e1c-86f8-425a-be50-3008319097fb
00:00:59.197342 UIMediumEnumerator: New usage: 3d6d5e1c-86f8-425a-be50-3008319097fb
00:00:59.197361 UIMediumEnumerator: Machine (or snapshot) event processed, ID = f4cc0bdb-2be2-49f7-b00c-d4ae599b92fe
00:01:00.763398 Guest Additions capability report: (0x4 -> 0x4) seamless: no, hostWindowMapping: no, graphics: yes
00:01:00.763477 VBVA_INFO_SCREEN: [0] @0,0 1920x1080, line 0x1e00, BPP 32, flags 0x1
00:01:00.763487 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=1080 bpp=32 cbLine=0x1E00, flags=0x1
00:01:00.763492 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x1080, Sending to async-handler..
00:01:00.763534 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:01:00.763581 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x1080
00:01:00.763588 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:01:00.770945 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=1080 bpp=32 cbLine=0x1E00, flags=0x1
00:01:00.770971 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x1080, Sending to async-handler..
00:01:00.774359 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x1080
00:01:00.774382 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:01:01.682007 Guest Additions capability report: (0x4 -> 0x4) seamless: no, hostWindowMapping: no, graphics: yes
00:01:01.696136 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:01:01.696209 VBVA_INFO_SCREEN: [0] @0,0 1920x1080, line 0x1e00, BPP 32, flags 0x1
00:05:24.198528 Guest Additions capability report: (0x4 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:05:24.256268 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 1920x929
00:05:24.256450 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:05:24.304334 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:05:24.304398 VBVA_INFO_SCREEN: [0] @0,0 1920x1080, line 0x1e00, BPP 32, flags 0x3
00:05:24.304407 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=1080 bpp=0 cbLine=0x0, flags=0x3
00:05:24.304411 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x1080, Sending to async-handler..
00:05:24.304417 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:05:24.304446 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x1080
00:05:24.304452 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:05:24.314965 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:05:24.315134 VBVA_INFO_SCREEN: [0] @0,0 1920x1080, line 0x1e00, BPP 32, flags 0x3
00:05:24.315145 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=1080 bpp=0 cbLine=0x0, flags=0x3
00:05:24.315152 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x1080, Sending to async-handler..
00:05:24.316865 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:05:24.316895 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x1080
00:05:24.316900 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:05:24.327339 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:05:24.327383 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:05:24.327402 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:05:24.327407 Display::handleDisplayResize(): Warning: resize postponed.
00:05:24.327777 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:05:24.327790 UIMachineLogic: Guest-screen count changed.
00:05:24.333287 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:05:24.333327 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:05:24.333390 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:05:24.333403 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:05:24.354217 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:05:24.354242 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:05:24.354303 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:05:24.354314 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:06:22.895734 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:06:22.895819 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:06:22.895849 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:08:16.836915 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 640x476
00:08:16.837070 VMMDev::SetVideoModeHint: got a video mode hint (640x476x0)@(0x0),(1;0) at 0
00:08:16.846875 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:08:16.846942 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x3
00:08:16.846952 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:08:16.846956 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929, Sending to async-handler..
00:08:16.846966 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:08:16.846992 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929
00:08:16.846997 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:08:16.857709 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:08:16.857786 VBVA_INFO_SCREEN: [0] @0,0 640x929, line 0xa00, BPP 32, flags 0x3
00:08:16.857793 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:08:16.857798 Display::handleDisplayResize(): Warning: resize postponed.
00:08:16.857843 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:08:16.858430 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:08:16.858462 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0xa00, BPP 32, flags 0x1
00:08:16.858478 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:08:16.858482 Display::handleDisplayResize(): Warning: resize postponed.
00:08:16.858593 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:08:16.858604 UIMachineLogic: Guest-screen count changed.
00:08:16.867419 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:08:16.867452 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:08:16.867503 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:08:16.867516 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:08:16.886962 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:08:16.886988 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:08:16.887031 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:08:16.887043 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:08:19.901804 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 1920x929
00:08:19.901958 VMMDev::SetVideoModeHint: got a video mode hint (1920x929x0)@(0x0),(1;0) at 0
00:08:19.914220 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:08:19.914299 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0x1e00, BPP 32, flags 0x1
00:08:19.914307 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:08:19.914312 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:08:19.914332 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:08:19.914385 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:08:19.914395 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:08:19.915395 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:08:19.915407 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:08:19.915447 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:08:19.915458 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:08:19.917514 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:08:19.917573 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:08:19.917582 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:08:19.917586 Display::handleDisplayResize(): Warning: resize postponed.
00:08:19.917593 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:08:19.935596 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:08:19.935622 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:08:19.935687 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:08:19.935699 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:08:19.955919 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:08:19.955947 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:08:19.956009 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:08:19.956020 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:10:13.978036 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 640x476
00:10:13.978195 VMMDev::SetVideoModeHint: got a video mode hint (640x476x0)@(0x0),(1;0) at 0
00:10:13.986685 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:10:13.986746 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x3
00:10:13.986756 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:10:13.986760 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929, Sending to async-handler..
00:10:13.986771 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:10:13.986798 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929
00:10:13.986804 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:10:13.995274 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:10:13.995377 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:10:13.995758 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=929 bpp=32 cbLine=0xA00, flags=0x1
00:10:13.995768 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x929, Sending to async-handler..
00:10:13.995931 VBVA_INFO_SCREEN: [0] @0,0 640x929, line 0xa00, BPP 32, flags 0x3
00:10:13.995941 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:10:13.995945 Display::handleDisplayResize(): Warning: resize postponed.
00:10:13.996378 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x929
00:10:13.996388 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:10:13.997030 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:10:13.997096 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0xa00, BPP 32, flags 0x1
00:10:13.997127 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:10:13.997136 Display::handleDisplayResize(): Warning: resize postponed.
00:10:14.000305 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:10:14.000322 UIMachineLogic: Guest-screen count changed.
00:10:14.015986 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:10:14.016015 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:10:14.016059 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:10:14.016072 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:10:14.036654 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:10:14.036684 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:10:14.036781 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:10:14.036798 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:11:24.196391 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 1920x929
00:11:24.196545 VMMDev::SetVideoModeHint: got a video mode hint (1920x929x0)@(0x0),(1;0) at 0
00:11:24.209073 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:11:24.209146 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0x1e00, BPP 32, flags 0x1
00:11:24.209155 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:11:24.209160 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:11:24.209166 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:11:24.209191 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:11:24.209196 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:11:24.211282 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:11:24.211324 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:11:24.211332 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:11:24.211337 Display::handleDisplayResize(): Warning: resize postponed.
00:11:24.211343 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:11:24.222663 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:11:24.222705 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:11:24.222773 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:11:24.222785 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:11:24.243348 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:11:24.243376 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:11:24.243420 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:11:24.243432 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:12:01.431176 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 640x476
00:12:01.431305 VMMDev::SetVideoModeHint: got a video mode hint (640x476x0)@(0x0),(1;0) at 0
00:12:01.440752 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:12:01.455970 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x3
00:12:01.456005 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:12:01.456010 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929, Sending to async-handler..
00:12:01.456373 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:12:01.456416 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929
00:12:01.456422 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:12:01.465229 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:12:01.472671 VBVA_INFO_SCREEN: [0] @0,0 640x929, line 0xa00, BPP 32, flags 0x3
00:12:01.472691 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:12:01.472695 Display::handleDisplayResize(): Warning: resize postponed.
00:12:01.473585 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:12:01.473619 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0xa00, BPP 32, flags 0x1
00:12:01.473635 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:12:01.473640 Display::handleDisplayResize(): Warning: resize postponed.
00:12:01.473677 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:12:01.475018 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:12:01.475031 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:12:01.489287 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:12:01.489300 UIMachineLogic: Guest-screen count changed.
00:12:01.490269 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:12:01.490280 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:12:01.509628 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:12:01.509655 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:12:01.509714 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:12:01.509726 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:12:04.790256 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 1920x929
00:12:04.790347 VMMDev::SetVideoModeHint: got a video mode hint (1920x929x0)@(0x0),(1;0) at 0
00:12:04.802626 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:12:04.802699 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0x1e00, BPP 32, flags 0x1
00:12:04.802708 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:12:04.802717 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:12:04.802746 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:12:04.802777 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:12:04.802783 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:12:04.803166 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:12:04.803175 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:12:04.803198 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:12:04.803209 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:12:04.808589 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:12:04.808633 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:12:04.808641 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:12:04.808646 Display::handleDisplayResize(): Warning: resize postponed.
00:12:04.808654 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:12:04.823005 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:12:04.823033 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:12:04.823096 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:12:04.823109 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:12:04.843662 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:12:04.843691 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:12:04.843750 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:12:04.843762 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:13:28.072932 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 640x476
00:13:28.073082 VMMDev::SetVideoModeHint: got a video mode hint (640x476x0)@(0x0),(1;0) at 0
00:13:28.081440 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:13:28.081500 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x3
00:13:28.081509 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:13:28.081514 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929, Sending to async-handler..
00:13:28.081525 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:13:28.081551 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929
00:13:28.081556 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:13:28.092582 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:13:28.092658 VBVA_INFO_SCREEN: [0] @0,0 640x929, line 0xa00, BPP 32, flags 0x3
00:13:28.092671 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000000000000 w=1920 h=929 bpp=0 cbLine=0x0, flags=0x3
00:13:28.092678 UIFrameBuffer::RequestResize: Screen=0, Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929, Sending to async-handler..
00:13:28.092683 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:13:28.092770 UIFrameBufferQImage::resizeEvent: Format=0, BitsPerPixel=0, BytesPerLine=0, Size=1920x929
00:13:28.092779 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:13:28.094068 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:13:28.094118 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0xa00, BPP 32, flags 0x1
00:13:28.094138 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:13:28.094143 Display::handleDisplayResize(): Warning: resize postponed.
00:13:28.097067 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:13:28.097081 UIMachineLogic: Guest-screen count changed.
00:13:28.108652 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:13:28.108679 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:13:28.108739 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:13:28.108751 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:13:28.130314 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0xA00, flags=0x1
00:13:28.130345 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476, Sending to async-handler..
00:13:28.130444 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=2560, Size=640x476
00:13:28.130460 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:16:23.572003 UIMachineView::sltPerformGuestResize: Sending guest size-hint to screen 0 as 1920x929
00:16:23.572158 VMMDev::SetVideoModeHint: got a video mode hint (1920x929x0)@(0x0),(1;0) at 0
00:16:23.585025 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:16:23.585104 VBVA_INFO_SCREEN: [0] @0,0 640x476, line 0x1e00, BPP 32, flags 0x1
00:16:23.585113 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:16:23.585118 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:16:23.585137 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:16:23.585165 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:16:23.585171 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:16:23.586349 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=640 h=476 bpp=32 cbLine=0x1E00, flags=0x1
00:16:23.586364 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476, Sending to async-handler..
00:16:23.586409 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=640x476
00:16:23.586420 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:16:23.587591 Guest Additions capability report: (0x5 -> 0x5) seamless: yes, hostWindowMapping: no, graphics: yes
00:16:23.587629 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:16:23.587637 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:16:23.587641 Display::handleDisplayResize(): Warning: resize postponed.
00:16:23.587650 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:16:23.606062 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:16:23.606102 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:16:23.606164 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:16:23.606176 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:16:23.625819 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1920 h=929 bpp=32 cbLine=0x1E00, flags=0x1
00:16:23.625847 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929, Sending to async-handler..
00:16:23.625899 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=32, BytesPerLine=7680, Size=1920x929
00:16:23.625911 UIFrameBufferQImage::resizeEvent: Resizing to directly use VGA device content..
00:33:27.580923 Guest Additions capability report: (0x5 -> 0x4) seamless: no, hostWindowMapping: no, graphics: yes
00:33:27.581219 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:33:27.587913 Guest Additions capability report: (0x4 -> 0x4) seamless: no, hostWindowMapping: no, graphics: yes
00:33:27.587965 VBVA_INFO_SCREEN: [0] @0,0 1920x929, line 0x1e00, BPP 32, flags 0x1
00:33:27.587982 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:33:27.588004 Guest Additions capability report: (0x4 -> 0x0) seamless: no, hostWindowMapping: no, graphics: no
00:33:27.588062 UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:33:27.601726 Display::handleDisplayResize(): uScreenId = 0, pvVRAM=0000000008b90000 w=1024 h=768 bpp=16 cbLine=0x800, flags=0x1
00:33:27.601752 UIFrameBuffer::RequestResize: Screen=0, Format=843204434, BitsPerPixel=16, BytesPerLine=2048, Size=1024x768, Sending to async-handler..
00:33:27.601817 UIFrameBufferQImage::resizeEvent: Format=843204434, BitsPerPixel=16, BytesPerLine=2048, Size=1024x768
00:33:27.601829 UIFrameBufferQImage::resizeEvent: Resizing to FALLBACK buffer due to format is invalid..
00:33:33.183267 Entering S5 power state (power down)
00:33:33.183332 Changing the VM state from 'RUNNING' to 'POWERING_OFF'.
00:33:33.183339 ****************** Guest state at power off ******************
00:33:33.183343 Guest CPUM (VCPU 0) state:
00:33:33.183348 eax=00001401 ebx=00004004 ecx=00000010 edx=00004004 esi=00001401 edi=00001401
00:33:33.183350 eip=c119c010 esp=ef223e30 ebp=ef222000 iopl=0 nv up di pl nz na po nc
00:33:33.183352 cs={0060 base=0000000000000000 limit=ffffffff flags=0000c09b} dr0=00000000 dr1=00000000
00:33:33.183354 ds={007b base=0000000000000000 limit=ffffffff flags=0000c0f3} dr2=00000000 dr3=00000000
00:33:33.183355 es={007b base=0000000000000000 limit=ffffffff flags=0000c0f3} dr4=00000000 dr5=00000000
00:33:33.183356 fs={00d8 base=000000002e55d000 limit=ffffffff flags=00008093} dr6=ffff0ff0 dr7=00000400
00:33:33.183358 gs={00e0 base=00000000ef9e2980 limit=00000018 flags=00004091} cr0=8005003b cr2=b774a52c
00:33:33.183360 ss={0068 base=0000000000000000 limit=ffffffff flags=0000c093} cr3=2e946000 cr4=000006f0
00:33:33.183361 gdtr=00000000ef9db000:00ff idtr=00000000c13e0000:07ff eflags=00000046
00:33:33.183362 ldtr={0000 base=00000000 limit=ffffffff flags=0001c000}
00:33:33.183363 tr ={0080 base=ef9e07c0 limit=0000206b flags=0000008b}
00:33:33.183364 SysEnter={cs=0060 eip=c12c9fdc esp=ef9e2940}
00:33:33.183365 FCW=037f FSW=0000 FTW=0000 FOP=0000 MXCSR=00001f80 MXCSR_MASK=0000ffff
00:33:33.183366 FPUIP=0804bcd8 CS=0000 Rsrvd1=0000 FPUDP=bfbcfdd0 DS=0000 Rsvrd2=0000
00:33:33.183368 ST(0)=FPR0={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183369 ST(1)=FPR1={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183371 ST(2)=FPR2={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183372 ST(3)=FPR3={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183373 ST(4)=FPR4={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183374 ST(5)=FPR5={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183374 ST(6)=FPR6={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183375 ST(7)=FPR7={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0
00:33:33.183376 XMM0 =00000000'00000000'00000000'00000000 XMM1 =00000000'00000000'00000000'00000000
00:33:33.183378 XMM2 =00000000'00000000'00000000'00000000 XMM3 =00000000'00000000'00000000'00000000
00:33:33.183379 XMM4 =00000000'00000000'00000000'00000000 XMM5 =00000000'00000000'00000000'00000000
00:33:33.183381 XMM6 =00000000'00000000'00000000'00000000 XMM7 =00000000'00000000'00000000'00000000
00:33:33.183382 XMM8 =00000000'00000000'00000000'00000000 XMM9 =00000000'00000000'00000000'00000000
00:33:33.183383 XMM10=00000000'00000000'00000000'00000000 XMM11=00000000'00000000'00000000'00000000
00:33:33.183385 XMM12=00000000'00000000'00000000'00000000 XMM13=00000000'00000000'00000000'00000000
00:33:33.183386 XMM14=00000000'00000000'00000000'00000000 XMM15=00000000'00000000'00000000'00000000
00:33:33.183387 EFER =0000000000000800
00:33:33.183388 PAT =0007010600070106
00:33:33.183389 STAR =0000000000000000
00:33:33.183389 CSTAR =0000000000000000
00:33:33.183389 LSTAR =0000000000000000
00:33:33.183390 SFMASK =0000000000000000
00:33:33.183390 KERNELGSBASE =0000000000000000
00:33:33.183390 ***
00:33:33.183393 Guest paging mode: PAE+NX (changed 815569 times), A20 enabled (changed 2 times)
00:33:33.183395 Shadow paging mode: EPT
00:33:33.183396 Host paging mode: AMD64+G+NX
00:33:33.183397 ***
00:33:33.183399 Active Timers (pVM=0000000003ee0000)
00:33:33.183400 pTimerR3 offNext offPrev offSched Clock Time Expire HzHint State Description
00:33:33.183402 0000000006424b70 ffff1580 00000000 00000000 Real 84136019 84136027 0 2-ACTIVE CPU Load Timer
00:33:33.183405 00000000064160f0 0000eb00 0000ea80 00000000 Real 84136019 84136033 0 2-ACTIVE VGA Refresh Timer
00:33:33.183407 0000000006424bf0 00000000 ffff1500 00000000 Real 84136019 84136038 0 2-ACTIVE EMT Yielder
00:33:33.183410 0000000006421c10 00000000 00000000 00000000 Virt 2010020227016 2010020196417 0 2-ACTIVE Audio timer
00:33:33.183412 000000000640cdd0 00001280 00000000 00000000 VrSy 2010019771052 2010022239999 283 2-ACTIVE APIC Timer #0
00:33:33.183415 000000000640e050 00015800 ffffed80 00000000 VrSy 2010019773634 2010990000000 0 2-ACTIVE MC146818 RTC/CMOS - Second
00:33:33.183417 0000000006423850 00000000 fffea800 00000000 VrSy 2010019776133 2399728063764 0 2-ACTIVE ACPI PM Timer
00:33:33.183420 ***
00:33:33.183423 ***
00:33:33.183423 ************** End of Guest state at power off ***************
00:33:33.194720 PDMR3PowerOff: 11 274 814 ns run time
00:33:33.194772 Changing the VM state from 'POWERING_OFF' to 'OFF'.
00:33:33.196311 Console::powerDown(): A request to power off the VM has been issued (mMachineState=Stopping, InUninit=0)
00:33:33.198240 Changing the VM state from 'OFF' to 'DESTROYING'.
00:33:33.198277 ************************* Statistics *************************
00:33:33.198353 /CPUM/MSR-Totals/Reads 31 times
00:33:33.198359 /CPUM/MSR-Totals/ReadsRaisingGP 0 times
00:33:33.198362 /CPUM/MSR-Totals/ReadsUnknown 0 times
00:33:33.198365 /CPUM/MSR-Totals/Writes 9 times
00:33:33.198368 /CPUM/MSR-Totals/WritesRaisingGP 0 times
00:33:33.198371 /CPUM/MSR-Totals/WritesToIgnoredBits 0 times
00:33:33.198417 /CPUM/MSR-Totals/WritesUnknown 0 times
00:33:33.198423 /Devices/PCNet0/ReceiveBytes 7050 bytes
00:33:33.198426 /Devices/PCNet0/TransmitBytes 5705 bytes
00:33:33.198440 /Devices/SCSI0/0/IoDepth 0 count
00:33:33.198444 /Devices/SCSI0/0/ReadBytes 268204032 bytes
00:33:33.198447 /Devices/SCSI0/0/WrittenBytes 8253440 bytes
00:33:33.198450 /Devices/VMMDev/BalloonChunks 0 count
00:33:33.198453 /Drivers/IntNet-0/BadFrames 0 count
00:33:33.198456 /Drivers/IntNet-0/Bytes/Received 6424 bytes
00:33:33.198459 /Drivers/IntNet-0/Bytes/Sent 5705 bytes
00:33:33.198461 /Drivers/IntNet-0/Overflows/Recv 0 count
00:33:33.198464 /Drivers/IntNet-0/Overflows/Sent 0 count
00:33:33.198467 /Drivers/IntNet-0/Packets/Lost 0 count
00:33:33.198470 /Drivers/IntNet-0/Packets/Received 76 count
00:33:33.198473 /Drivers/IntNet-0/Packets/Received-Gso 0 count
00:33:33.198476 /Drivers/IntNet-0/Packets/Sent 92 count
00:33:33.198479 /Drivers/IntNet-0/Packets/Sent-Gso 0 count
00:33:33.198482 /Drivers/IntNet-0/Packets/Sent-R0 91 count
00:33:33.198485 /Drivers/IntNet-0/Recv1 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.198489 /Drivers/IntNet-0/Recv2 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.198493 /Drivers/IntNet-0/Reserved 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.198496 /Drivers/IntNet-0/Send1 4553 ticks/call ( 418915 ticks, 92 times, max 28413, min 836)
00:33:33.198500 /Drivers/IntNet-0/Send2 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.198503 /Drivers/IntNet-0/XmitProcessRing 0 count
00:33:33.198506 /Drivers/IntNet-0/XmitWakeup-R0 0 count
00:33:33.198509 /Drivers/IntNet-0/XmitWakeup-R3 0 count
00:33:33.198511 /Drivers/IntNet-0/YieldNok 0 count
00:33:33.198514 /Drivers/IntNet-0/YieldOk 0 count
00:33:33.198517 /FT/Checkpoint/Network 0 times
00:33:33.198520 /FT/Checkpoint/Storage 0 times
00:33:33.198523 /FT/Received/Mem 0 bytes
00:33:33.198526 /FT/Received/State 0 bytes
00:33:33.198529 /FT/Sent/Mem 0 bytes
00:33:33.198531 /FT/Sent/State 0 bytes
00:33:33.198534 /FT/Sync/DeltaMem 0 times
00:33:33.198537 /FT/Sync/DeltaVM 0 times
00:33:33.198540 /FT/Sync/Full 0 times
00:33:33.198543 /GMM/VM/Allocated/cBasePages 131102 pages
00:33:33.198546 /GMM/VM/Allocated/cFixedPages 0 pages
00:33:33.198549 /GMM/VM/Allocated/cShadowPages 0 pages
00:33:33.198552 /GMM/VM/Reserved/cBasePages 196766 pages
00:33:33.198555 /GMM/VM/Reserved/cFixedPages 33796 pages
00:33:33.198558 /GMM/VM/Reserved/cShadowPages 1 pages
00:33:33.198561 /GMM/VM/cBalloonedPages 0 pages
00:33:33.198564 /GMM/VM/cMaxBalloonedPages 0 pages
00:33:33.198567 /GMM/VM/cPrivatePages 131102 pages
00:33:33.198570 /GMM/VM/cReqActuallyBalloonedPages 0 pages
00:33:33.198572 /GMM/VM/cReqBalloonedPages 0 pages
00:33:33.198575 /GMM/VM/cReqDeflatePages 0 pages
00:33:33.198578 /GMM/VM/cShareableModules 0 count
00:33:33.198581 /GMM/VM/cSharedPages 0 pages
00:33:33.198584 /GMM/VM/enmPolicy 1
00:33:33.198587 /GMM/VM/enmPriority 2
00:33:33.198590 /GMM/VM/fBallooningEnabled false
00:33:33.198593 /GMM/VM/fMayAllocate true
00:33:33.198596 /GMM/VM/fSharedPagingEnabled false
00:33:33.198599 /GMM/cAllocatedPages 258644 pages
00:33:33.198601 /GMM/cBalloonedPages 0 pages
00:33:33.198605 /GMM/cChunks 507 count
00:33:33.198609 /GMM/cDuplicatePages 0 pages
00:33:33.198612 /GMM/cFreedChunks 0 count
00:33:33.198615 /GMM/cLeftBehindSharedPages 0 pages
00:33:33.198617 /GMM/cMaxPages 4294967295 pages
00:33:33.198621 /GMM/cOverCommittedPages 0 pages
00:33:33.198624 /GMM/cReservedPages 430406 pages
00:33:33.198627 /GMM/cShareableModules 0 count
00:33:33.198630 /GMM/cSharedPages 0 pages
00:33:33.198633 /GVMM/EMTs 2 calls
00:33:33.198636 /GVMM/HostCPUs 8 calls
00:33:33.198639 /GVMM/HostCpus/0 0
00:33:33.198642 /GVMM/HostCpus/0/CurTimerHz 0 Hz
00:33:33.198644 /GVMM/HostCpus/0/DesiredHz 0 Hz
00:33:33.198647 /GVMM/HostCpus/0/PPTChanges 0 times
00:33:33.198650 /GVMM/HostCpus/0/PPTStarts 0 times
00:33:33.198653 /GVMM/HostCpus/0/idxCpuSet 0
00:33:33.198656 /GVMM/HostCpus/1 1
00:33:33.198658 /GVMM/HostCpus/1/CurTimerHz 0 Hz
00:33:33.198661 /GVMM/HostCpus/1/DesiredHz 0 Hz
00:33:33.198664 /GVMM/HostCpus/1/PPTChanges 0 times
00:33:33.198667 /GVMM/HostCpus/1/PPTStarts 0 times
00:33:33.198669 /GVMM/HostCpus/1/idxCpuSet 1
00:33:33.198672 /GVMM/HostCpus/2 2
00:33:33.198675 /GVMM/HostCpus/2/CurTimerHz 0 Hz
00:33:33.198678 /GVMM/HostCpus/2/DesiredHz 0 Hz
00:33:33.198683 /GVMM/HostCpus/2/PPTChanges 0 times
00:33:33.198687 /GVMM/HostCpus/2/PPTStarts 0 times
00:33:33.198690 /GVMM/HostCpus/2/idxCpuSet 2
00:33:33.198692 /GVMM/HostCpus/3 3
00:33:33.198695 /GVMM/HostCpus/3/CurTimerHz 0 Hz
00:33:33.198698 /GVMM/HostCpus/3/DesiredHz 0 Hz
00:33:33.198701 /GVMM/HostCpus/3/PPTChanges 0 times
00:33:33.198703 /GVMM/HostCpus/3/PPTStarts 0 times
00:33:33.198706 /GVMM/HostCpus/3/idxCpuSet 3
00:33:33.198709 /GVMM/HostCpus/4 4
00:33:33.198712 /GVMM/HostCpus/4/CurTimerHz 0 Hz
00:33:33.198715 /GVMM/HostCpus/4/DesiredHz 0 Hz
00:33:33.198717 /GVMM/HostCpus/4/PPTChanges 0 times
00:33:33.198720 /GVMM/HostCpus/4/PPTStarts 0 times
00:33:33.198723 /GVMM/HostCpus/4/idxCpuSet 4
00:33:33.198726 /GVMM/HostCpus/5 5
00:33:33.198728 /GVMM/HostCpus/5/CurTimerHz 0 Hz
00:33:33.198731 /GVMM/HostCpus/5/DesiredHz 0 Hz
00:33:33.198734 /GVMM/HostCpus/5/PPTChanges 0 times
00:33:33.198737 /GVMM/HostCpus/5/PPTStarts 0 times
00:33:33.198739 /GVMM/HostCpus/5/idxCpuSet 5
00:33:33.198742 /GVMM/HostCpus/6 6
00:33:33.198745 /GVMM/HostCpus/6/CurTimerHz 0 Hz
00:33:33.198747 /GVMM/HostCpus/6/DesiredHz 0 Hz
00:33:33.198750 /GVMM/HostCpus/6/PPTChanges 0 times
00:33:33.198753 /GVMM/HostCpus/6/PPTStarts 0 times
00:33:33.198756 /GVMM/HostCpus/6/idxCpuSet 6
00:33:33.198758 /GVMM/HostCpus/7 7
00:33:33.198761 /GVMM/HostCpus/7/CurTimerHz 0 Hz
00:33:33.198764 /GVMM/HostCpus/7/DesiredHz 0 Hz
00:33:33.198767 /GVMM/HostCpus/7/PPTChanges 0 times
00:33:33.198769 /GVMM/HostCpus/7/PPTStarts 0 times
00:33:33.198772 /GVMM/HostCpus/7/idxCpuSet 7
00:33:33.198775 /GVMM/Sum/HaltBlocking 1984183 calls
00:33:33.198778 /GVMM/Sum/HaltCalls 2054156 calls
00:33:33.198781 /GVMM/Sum/HaltNotBlocking 69973 calls
00:33:33.198784 /GVMM/Sum/HaltTimeouts 1790551 calls
00:33:33.198788 /GVMM/Sum/HaltWakeUps 0 calls
00:33:33.198791 /GVMM/Sum/PokeCalls 3805 calls
00:33:33.198795 /GVMM/Sum/PokeNotBusy 873 calls
00:33:33.198798 /GVMM/Sum/PollCalls 9002 calls
00:33:33.198801 /GVMM/Sum/PollHalts 0 calls
00:33:33.198804 /GVMM/Sum/PollWakeUps 0 calls
00:33:33.198807 /GVMM/Sum/WakeUpCalls 198650 calls
00:33:33.198810 /GVMM/Sum/WakeUpNotHalted 138963 calls
00:33:33.198812 /GVMM/Sum/WakeUpWakeUps 0 calls
00:33:33.198815 /GVMM/VM/HaltBlocking 1066638 calls
00:33:33.198818 /GVMM/VM/HaltCalls 1066897 calls
00:33:33.198821 /GVMM/VM/HaltNotBlocking 259 calls
00:33:33.198824 /GVMM/VM/HaltTimeouts 973113 calls
00:33:33.198827 /GVMM/VM/HaltWakeUps 0 calls
00:33:33.198830 /GVMM/VM/PokeCalls 1914 calls
00:33:33.198833 /GVMM/VM/PokeNotBusy 429 calls
00:33:33.198836 /GVMM/VM/PollCalls 6038 calls
00:33:33.198839 /GVMM/VM/PollHalts 0 calls
00:33:33.198842 /GVMM/VM/PollWakeUps 0 calls
00:33:33.198845 /GVMM/VM/WakeUpCalls 95504 calls
00:33:33.198848 /GVMM/VM/WakeUpNotHalted 64337 calls
00:33:33.198851 /GVMM/VM/WakeUpWakeUps 0 calls
00:33:33.198854 /GVMM/VMs 2 calls
00:33:33.198857 /HM/CPU0/Exit/HostNmiInGC 0 times
00:33:33.198860 /IEM/CPU0/cInstructions 1745 count
00:33:33.198863 /IEM/CPU0/cPotentialExits 12305 count
00:33:33.198866 /IEM/CPU0/cRetAspectNotImplemented 0 count
00:33:33.198869 /IEM/CPU0/cRetErrStatuses 0 count
00:33:33.198872 /IEM/CPU0/cRetInfStatuses 0 count
00:33:33.198874 /IEM/CPU0/cRetInstrNotImplemented 0 count
00:33:33.198877 /IEM/CPU0/cbWritten 12356 bytes
00:33:33.198880 /MM/HyperHeap/cbFree 842592 bytes
00:33:33.198883 /MM/HyperHeap/cbHeap 1048256 bytes
00:33:33.198886 /PDM/BlkCache/cbCached 5214208 bytes
00:33:33.198889 /PDM/BlkCache/cbCachedFru 36864 bytes
00:33:33.198892 /PDM/BlkCache/cbCachedMruIn 5177344 bytes
00:33:33.198895 /PDM/BlkCache/cbCachedMruOut 593920 bytes
00:33:33.198898 /PDM/BlkCache/cbMax 5242880 bytes
00:33:33.198901 /PDM/CritSects/8237A#0Auto/ContentionR3 0 times
00:33:33.198904 /PDM/CritSects/8237A#0Auto/ContentionRZLock 0 times
00:33:33.198906 /PDM/CritSects/8237A#0Auto/ContentionRZUnlock 0 times
00:33:33.198910 /PDM/CritSects/AHCI#0/ContentionR3 0 times
00:33:33.198912 /PDM/CritSects/AHCI#0/ContentionRZLock 0 times
00:33:33.198915 /PDM/CritSects/AHCI#0/ContentionRZUnlock 0 times
00:33:33.198918 /PDM/CritSects/AudioSniffer#0Auto/ContentionR3 0 times
00:33:33.198921 /PDM/CritSects/AudioSniffer#0Auto/ContentionRZLock 0 times
00:33:33.198924 /PDM/CritSects/AudioSniffer#0Auto/ContentionRZUnlock 0 times
00:33:33.198927 /PDM/CritSects/EM-REM/ContentionR3 0 times
00:33:33.198930 /PDM/CritSects/EM-REM/ContentionRZLock 0 times
00:33:33.198933 /PDM/CritSects/EM-REM/ContentionRZUnlock 0 times
00:33:33.198935 /PDM/CritSects/FTM/ContentionR3 0 times
00:33:33.198938 /PDM/CritSects/FTM/ContentionRZLock 0 times
00:33:33.198941 /PDM/CritSects/FTM/ContentionRZUnlock 0 times
00:33:33.198944 /PDM/CritSects/IntNetXmit_0/ContentionR3 0 times
00:33:33.198947 /PDM/CritSects/IntNetXmit_0/ContentionRZLock 0 times
00:33:33.198949 /PDM/CritSects/IntNetXmit_0/ContentionRZUnlock 0 times
00:33:33.198952 /PDM/CritSects/LSILOGICSAS-0RFQ/ContentionR3 0 times
00:33:33.198955 /PDM/CritSects/LSILOGICSAS-0RFQ/ContentionRZLock 0 times
00:33:33.198957 /PDM/CritSects/LSILOGICSAS-0RFQ/ContentionRZUnlock 0 times
00:33:33.198960 /PDM/CritSects/LSILOGICSAS-0RPQ/ContentionR3 0 times
00:33:33.198963 /PDM/CritSects/LSILOGICSAS-0RPQ/ContentionRZLock 0 times
00:33:33.198966 /PDM/CritSects/LSILOGICSAS-0RPQ/ContentionRZUnlock 0 times
00:33:33.198970 /PDM/CritSects/MM-HYPER/ContentionR3 0 times
00:33:33.198973 /PDM/CritSects/MM-HYPER/ContentionRZLock 0 times
00:33:33.198976 /PDM/CritSects/MM-HYPER/ContentionRZUnlock 0 times
00:33:33.198978 /PDM/CritSects/NOP/ContentionR3 0 times
00:33:33.198981 /PDM/CritSects/NOP/ContentionRZLock 0 times
00:33:33.198984 /PDM/CritSects/NOP/ContentionRZUnlock 0 times
00:33:33.198987 /PDM/CritSects/PCNet#0/ContentionR3 0 times
00:33:33.198990 /PDM/CritSects/PCNet#0/ContentionRZLock 0 times
00:33:33.198992 /PDM/CritSects/PCNet#0/ContentionRZUnlock 0 times
00:33:33.198995 /PDM/CritSects/PDM/ContentionR3 0 times
00:33:33.198998 /PDM/CritSects/PDM/ContentionRZLock 8 times
00:33:33.199001 /PDM/CritSects/PDM/ContentionRZUnlock 0 times
00:33:33.199004 /PDM/CritSects/PGM/ContentionR3 0 times
00:33:33.199006 /PDM/CritSects/PGM/ContentionRZLock 87 times
00:33:33.199009 /PDM/CritSects/PGM/ContentionRZUnlock 0 times
00:33:33.199012 /PDM/CritSects/REM-Register/ContentionR3 0 times
00:33:33.199015 /PDM/CritSects/REM-Register/ContentionRZLock 0 times
00:33:33.199017 /PDM/CritSects/REM-Register/ContentionRZUnlock 0 times
00:33:33.199020 /PDM/CritSects/TM Timer Lock/ContentionR3 0 times
00:33:33.199024 /PDM/CritSects/TM Timer Lock/ContentionRZLock 0 times
00:33:33.199026 /PDM/CritSects/TM Timer Lock/ContentionRZUnlock 0 times
00:33:33.199029 /PDM/CritSects/TM VirtualSync Lock/ContentionR3 0 times
00:33:33.199032 /PDM/CritSects/TM VirtualSync Lock/ContentionRZLock 0 times
00:33:33.199035 /PDM/CritSects/TM VirtualSync Lock/ContentionRZUnlock 0 times
00:33:33.199038 /PDM/CritSects/VGA#0/ContentionR3 0 times
00:33:33.199041 /PDM/CritSects/VGA#0/ContentionRZLock 0 times
00:33:33.199044 /PDM/CritSects/VGA#0/ContentionRZUnlock 0 times
00:33:33.199047 /PDM/CritSects/VMMDev#0/ContentionR3 0 times
00:33:33.199050 /PDM/CritSects/VMMDev#0/ContentionRZLock 0 times
00:33:33.199052 /PDM/CritSects/VMMDev#0/ContentionRZUnlock 0 times
00:33:33.199055 /PDM/CritSects/acpi#0/ContentionR3 0 times
00:33:33.199058 /PDM/CritSects/acpi#0/ContentionRZLock 0 times
00:33:33.199060 /PDM/CritSects/acpi#0/ContentionRZUnlock 0 times
00:33:33.199063 /PDM/CritSects/ichac97#0Auto/ContentionR3 0 times
00:33:33.199066 /PDM/CritSects/ichac97#0Auto/ContentionRZLock 0 times
00:33:33.199069 /PDM/CritSects/ichac97#0Auto/ContentionRZUnlock 0 times
00:33:33.199072 /PDM/CritSects/mc146818#0Auto/ContentionR3 0 times
00:33:33.199074 /PDM/CritSects/mc146818#0Auto/ContentionRZLock 0 times
00:33:33.199077 /PDM/CritSects/mc146818#0Auto/ContentionRZUnlock 0 times
00:33:33.199080 /PDM/CritSects/pcarch#0Auto/ContentionR3 0 times
00:33:33.199082 /PDM/CritSects/pcarch#0Auto/ContentionRZLock 0 times
00:33:33.199085 /PDM/CritSects/pcarch#0Auto/ContentionRZUnlock 0 times
00:33:33.199088 /PDM/CritSects/pcbios#0Auto/ContentionR3 0 times
00:33:33.199091 /PDM/CritSects/pcbios#0Auto/ContentionRZLock 0 times
00:33:33.199093 /PDM/CritSects/pcbios#0Auto/ContentionRZUnlock 0 times
00:33:33.199096 /PDM/CritSects/pckbd#0Auto/ContentionR3 0 times
00:33:33.199099 /PDM/CritSects/pckbd#0Auto/ContentionRZLock 0 times
00:33:33.199102 /PDM/CritSects/pckbd#0Auto/ContentionRZUnlock 0 times
00:33:33.199105 /PDM/CritSects/pit#0/ContentionR3 0 times
00:33:33.199108 /PDM/CritSects/pit#0/ContentionRZLock 0 times
00:33:33.199110 /PDM/CritSects/pit#0/ContentionRZUnlock 0 times
00:33:33.199113 /PDM/CritSectsRw/IOM Lock/ContentionR3EnterExcl 0 times
00:33:33.199116 /PDM/CritSectsRw/IOM Lock/ContentionR3EnterShared 0 times
00:33:33.199119 /PDM/CritSectsRw/IOM Lock/ContentionRZEnterExcl 0 times
00:33:33.199121 /PDM/CritSectsRw/IOM Lock/ContentionRZEnterShared 0 times
00:33:33.199125 /PDM/CritSectsRw/IOM Lock/ContentionRZLeaveExcl 0 times
00:33:33.199129 /PDM/CritSectsRw/IOM Lock/ContentionRZLeaveShared 0 times
00:33:33.199132 /PDM/CritSectsRw/IOM Lock/R3EnterExcl 666 times
00:33:33.199136 /PDM/CritSectsRw/IOM Lock/R3EnterShared 15435259 times
00:33:33.199140 /PDM/CritSectsRw/IOM Lock/RZEnterExcl 0 times
00:33:33.199143 /PDM/CritSectsRw/IOM Lock/RZEnterShared 1709772 times
00:33:33.199146 /PDM/Queue/AHCI-Xmit/AllocFailures 0 times
00:33:33.199149 /PDM/Queue/AHCI-Xmit/Flush 0 calls
00:33:33.199152 /PDM/Queue/AHCI-Xmit/FlushLeftovers 0 times
00:33:33.199155 /PDM/Queue/AHCI-Xmit/Insert 0 calls
00:33:33.199158 /PDM/Queue/AHCI-Xmit/cItems 60 count
00:33:33.199160 /PDM/Queue/AHCI-Xmit/cbItem 32 bytes
00:33:33.199163 /PDM/Queue/DevHlp/AllocFailures 0 times
00:33:33.199166 /PDM/Queue/DevHlp/Flush 0 calls
00:33:33.199169 /PDM/Queue/DevHlp/FlushLeftovers 0 times
00:33:33.199172 /PDM/Queue/DevHlp/Insert 0 calls
00:33:33.199174 /PDM/Queue/DevHlp/cItems 8 count
00:33:33.199177 /PDM/Queue/DevHlp/cbItem 56 bytes
00:33:33.199180 /PDM/Queue/Keyboard/AllocFailures 0 times
00:33:33.199183 /PDM/Queue/Keyboard/Flush 0 calls
00:33:33.199185 /PDM/Queue/Keyboard/FlushLeftovers 0 times
00:33:33.199189 /PDM/Queue/Keyboard/Insert 47 calls
00:33:33.199192 /PDM/Queue/Keyboard/cItems 64 count
00:33:33.199195 /PDM/Queue/Keyboard/cbItem 32 bytes
00:33:33.199198 /PDM/Queue/LSILOGICSAS-0-Task/AllocFailures 0 times
00:33:33.199201 /PDM/Queue/LSILOGICSAS-0-Task/Flush 0 calls
00:33:33.199204 /PDM/Queue/LSILOGICSAS-0-Task/FlushLeftovers 0 times
00:33:33.199207 /PDM/Queue/LSILOGICSAS-0-Task/Insert 0 calls
00:33:33.199209 /PDM/Queue/LSILOGICSAS-0-Task/cItems 2 count
00:33:33.199212 /PDM/Queue/LSILOGICSAS-0-Task/cbItem 24 bytes
00:33:33.199215 /PDM/Queue/Mouse/AllocFailures 0 times
00:33:33.199218 /PDM/Queue/Mouse/Flush 0 calls
00:33:33.199221 /PDM/Queue/Mouse/FlushLeftovers 0 times
00:33:33.199223 /PDM/Queue/Mouse/Insert 78 calls
00:33:33.199226 /PDM/Queue/Mouse/cItems 128 count
00:33:33.199229 /PDM/Queue/Mouse/cbItem 48 bytes
00:33:33.199232 /PDM/Queue/PCNet-Rcv/AllocFailures 0 times
00:33:33.199235 /PDM/Queue/PCNet-Rcv/Flush 0 calls
00:33:33.199238 /PDM/Queue/PCNet-Rcv/FlushLeftovers 0 times
00:33:33.199240 /PDM/Queue/PCNet-Rcv/Insert 0 calls
00:33:33.199243 /PDM/Queue/PCNet-Rcv/cItems 1 count
00:33:33.199246 /PDM/Queue/PCNet-Rcv/cbItem 24 bytes
00:33:33.199249 /PDM/Queue/PCNet-Xmit/AllocFailures 0 times
00:33:33.199252 /PDM/Queue/PCNet-Xmit/Flush 0 calls
00:33:33.199254 /PDM/Queue/PCNet-Xmit/FlushLeftovers 0 times
00:33:33.199257 /PDM/Queue/PCNet-Xmit/Insert 0 calls
00:33:33.199260 /PDM/Queue/PCNet-Xmit/cItems 1 count
00:33:33.199263 /PDM/Queue/PCNet-Xmit/cbItem 24 bytes
00:33:33.199265 /PGM/CPU0/cA20Changes 2 times
00:33:33.199268 /PGM/CPU0/cGuestModeChanges 815569 times
00:33:33.199271 /PGM/ChunkR3Map/Mapped 257 count
00:33:33.199274 /PGM/ChunkR3Map/Unmapped 0 count
00:33:33.199277 /PGM/ChunkR3Map/c 257 count
00:33:33.199280 /PGM/ChunkR3Map/cMax 4294967295 count
00:33:33.199283 /PGM/LargePage/Recheck 0 times
00:33:33.199286 /PGM/LargePage/Refused 0 times
00:33:33.199289 /PGM/LargePage/Reused 0 times
00:33:33.199293 /PGM/Page/cAllPages 230503 count
00:33:33.199296 /PGM/Page/cBalloonedPages 0 count
00:33:33.199299 /PGM/Page/cHandyPages 32 count
00:33:33.199302 /PGM/Page/cLargePages 0 count
00:33:33.199306 /PGM/Page/cLargePagesDisabled 0 count
00:33:33.199309 /PGM/Page/cMonitoredPages 0 count
00:33:33.199311 /PGM/Page/cPrivatePages 164866 count
00:33:33.199314 /PGM/Page/cPureMmioPages 69 count
00:33:33.199317 /PGM/Page/cReadLockedPages 0 count
00:33:33.199320 /PGM/Page/cReusedSharedPages 0 count
00:33:33.199323 /PGM/Page/cSharedPages 0 count
00:33:33.199326 /PGM/Page/cWriteLockedPages 0 count
00:33:33.199328 /PGM/Page/cWrittenToPages 0 count
00:33:33.199331 /PGM/Page/cZeroPages 65568 count
00:33:33.199334 /PGM/ShMod/Check 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.199338 /PGM/cRelocations 0 times
00:33:33.199340 /PROF/CPU0/EM/Capped 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.199344 /PROF/CPU0/EM/ForcedActions 2306440 times
00:33:33.199347 /PROF/CPU0/EM/Halted 130663 times
00:33:33.199350 /PROF/CPU0/EM/RAWTotal 0 times
00:33:33.199352 /PROF/CPU0/EM/REMTotal 0 times
00:33:33.199356 /PROF/CPU0/EM/Total 5013500312282 ticks/call (5013500312282 ticks, 1 times, max 5013500312282, min 5013500312282)
00:33:33.199360 /PROF/CPU0/VM/Halt/Block 1825796 ns/call (1947930894527 ticks, 1066894 times, max 6066488, min 1)
00:33:33.199365 /PROF/CPU0/VM/Halt/BlockInsomnia 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.199368 /PROF/CPU0/VM/Halt/BlockOnTime 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.199371 /PROF/CPU0/VM/Halt/BlockOverslept 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:33:33.199375 /PROF/CPU0/VM/Halt/Timers 1960 ns/call ( 14712029058 ticks, 7506133 times, max 14116834, min 2)
00:33:33.199379 /PROF/CPU0/VM/Halt/Yield 7229 ns/call ( 43650018 ticks, 6038 times, max 53931, min 1)
00:33:33.199383 /Public/Net/PCNet0/BytesReceived 7050 bytes
00:33:33.199386 /Public/Net/PCNet0/BytesTransmitted 5705 bytes
00:33:33.199389 /REM/TbFlushCount 0 times
00:33:33.199392 /REM/TbPhysInvldCount 0 times
00:33:33.199395 /REM/TlbFlushCount 1 times
00:33:33.199398 /SELM/LoadHidSel/GstReadErrors 0 times
00:33:33.199400 /SELM/LoadHidSel/NoGoodGuest 0 times
00:33:33.199403 /TM/CPU/00/cNsExecuting 31596338171 ns
00:33:33.199406 /TM/CPU/00/cNsHalted 1964618744656 ns
00:33:33.199410 /TM/CPU/00/cNsOther 13817995068 ns
00:33:33.199413 /TM/CPU/00/cNsTotal 2010033077895 ns
00:33:33.199416 /TM/CPU/00/cPeriodsExecuting 3167391 count
00:33:33.199419 /TM/CPU/00/cPeriodsHalted 130362 count
00:33:33.199421 /TM/CPU/00/pctExecuting 0 %
00:33:33.199424 /TM/CPU/00/pctHalted 99 %
00:33:33.199429 /TM/CPU/00/pctOther 0 %
00:33:33.199433 /TM/CPU/pctExecuting 0 %
00:33:33.199436 /TM/CPU/pctHalted 99 %
00:33:33.199439 /TM/CPU/pctOther 0 %
00:33:33.199441 /TM/MaxHzHint 0 Hz
00:33:33.199444 /TM/R0/1nsSteps 1676 times
00:33:33.199447 /TM/R3/1nsSteps 8020 times
00:33:33.199450 /TM/TSC/offCPU0 0 ticks
00:33:33.199453 /TM/VirtualSync/CurrentOffset 458598 ns
00:33:33.199456 ********************* End of statistics **********************
00:33:33.477932 Changing the VM state from 'DESTROYING' to 'TERMINATED'.
00:33:33.718759 UIMachineView::storeGuestSizeHint: Storing guest size-hint for screen 0 as 1024x768
2-VBoxStartup
b90.1320: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
b90.1320: \SystemRoot\System32\ntdll.dll:
b90.1320: CreationTime: 2015-04-23T19:36:15.400924000Z
b90.1320: LastWriteTime: 2015-03-23T21:59:25.551884100Z
b90.1320: ChangeTime: 2015-04-23T21:14:44.553149800Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x1a7540
b90.1320: NT Headers: 0xd8
b90.1320: Timestamp: 0x550f4336
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x550f4336
b90.1320: Image Version: 6.3
b90.1320: SizeOfImage: 0x1ac000 (1753088)
b90.1320: Resource Dir: 0x148000 LB 0x62450
b90.1320: ProductName: Microsoft® Windows® Operating System
b90.1320: ProductVersion: 6.3.9600.17736
b90.1320: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
b90.1320: FileDescription: NT Layer DLL
b90.1320: \SystemRoot\System32\kernel32.dll:
b90.1320: CreationTime: 2015-04-23T19:59:59.056995000Z
b90.1320: LastWriteTime: 2014-10-29T04:09:24.572407200Z
b90.1320: ChangeTime: 2015-04-23T21:16:05.681031700Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x13fc30
b90.1320: NT Headers: 0xf8
b90.1320: Timestamp: 0x545054ca
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x545054ca
b90.1320: Image Version: 6.3
b90.1320: SizeOfImage: 0x13e000 (1302528)
b90.1320: Resource Dir: 0x12e000 LB 0x518
b90.1320: ProductName: Microsoft® Windows® Operating System
b90.1320: ProductVersion: 6.3.9600.17415
b90.1320: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
b90.1320: FileDescription: Windows NT BASE API Client DLL
b90.1320: \SystemRoot\System32\KernelBase.dll:
b90.1320: CreationTime: 2015-04-23T20:00:18.963418600Z
b90.1320: LastWriteTime: 2014-10-29T03:55:08.402989600Z
b90.1320: ChangeTime: 2015-04-23T21:16:06.743557100Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x114a90
b90.1320: NT Headers: 0xf0
b90.1320: Timestamp: 0x54505737
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x54505737
b90.1320: Image Version: 6.3
b90.1320: SizeOfImage: 0x115000 (1134592)
b90.1320: Resource Dir: 0x110000 LB 0x3528
b90.1320: ProductName: Microsoft® Windows® Operating System
b90.1320: ProductVersion: 6.3.9600.17415
b90.1320: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
b90.1320: FileDescription: Windows NT BASE API Client DLL
b90.1320: \SystemRoot\System32\apisetschema.dll:
b90.1320: CreationTime: 2013-08-22T12:13:09.745625900Z
b90.1320: LastWriteTime: 2013-08-22T12:35:12.091034400Z
b90.1320: ChangeTime: 2015-04-23T15:30:04.196438300Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x11360
b90.1320: NT Headers: 0xd0
b90.1320: Timestamp: 0x52160049
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x52160049
b90.1320: Image Version: 6.3
b90.1320: SizeOfImage: 0x13000 (77824)
b90.1320: Resource Dir: 0x11000 LB 0x3f8
b90.1320: ProductName: Microsoft® Windows® Operating System
b90.1320: ProductVersion: 6.3.9600.16384
b90.1320: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
b90.1320: FileDescription: ApiSet Schema DLL
b90.1320: NtOpenDirectoryObject failed on \Driver: 0xc0000022
b90.1320: supR3HardenedWinFindAdversaries: 0x800
b90.1320: \SystemRoot\System32\drivers\cmdguard.sys:
b90.1320: CreationTime: 2015-04-02T01:50:14.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:50:14.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:39:26.328323200Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0xc86d8
b90.1320: NT Headers: 0xe0
b90.1320: Timestamp: 0x551c273e
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c273e
b90.1320: Image Version: 6.2
b90.1320: SizeOfImage: 0xd4000 (868352)
b90.1320: Resource Dir: 0xd1000 LB 0x3c8
b90.1320: ProductName: COMODO Internet Security Sandbox Driver
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security Sandbox Driver
b90.1320: \SystemRoot\System32\drivers\cmderd.sys:
b90.1320: CreationTime: 2015-04-02T01:50:10.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:50:10.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:39:25.307611600Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x50d8
b90.1320: NT Headers: 0xe8
b90.1320: Timestamp: 0x551c26f3
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c26f3
b90.1320: Image Version: 6.1
b90.1320: SizeOfImage: 0x9000 (36864)
b90.1320: Resource Dir: 0x7000 LB 0x3f0
b90.1320: ProductName: COMODO Internet Security Eradication Driver
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508 built by: WinDDK
b90.1320: FileDescription: COMODO Internet Security Eradication Driver
b90.1320: \SystemRoot\System32\drivers\inspect.sys:
b90.1320: CreationTime: 2015-04-02T01:50:20.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:50:20.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:39:37.453002400Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x1ef00
b90.1320: NT Headers: 0xd8
b90.1320: Timestamp: 0x551c272a
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c272a
b90.1320: Image Version: 6.2
b90.1320: SizeOfImage: 0x21000 (135168)
b90.1320: Resource Dir: 0x1f000 LB 0x3c8
b90.1320: ProductName: COMODO Internet Security Firewall Driver
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security Firewall Driver
b90.1320: \SystemRoot\System32\drivers\cmdhlp.sys:
b90.1320: CreationTime: 2015-04-02T01:50:16.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:50:16.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:39:30.321151400Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x8908
b90.1320: NT Headers: 0xd8
b90.1320: Timestamp: 0x551c272e
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c272e
b90.1320: Image Version: 6.2
b90.1320: SizeOfImage: 0xc000 (49152)
b90.1320: Resource Dir: 0xa000 LB 0x3c0
b90.1320: ProductName: COMODO Internet Security Helper Driver
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security Helper Driver
b90.1320: \SystemRoot\System32\guard64.dll:
b90.1320: CreationTime: 2015-04-02T01:48:16.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:48:16.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:38:13.422823200Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x8cd50
b90.1320: NT Headers: 0x118
b90.1320: Timestamp: 0x551c2754
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c2754
b90.1320: Image Version: 0.0
b90.1320: SizeOfImage: 0x95000 (610304)
b90.1320: Resource Dir: 0x92000 LB 0xd80
b90.1320: ProductName: COMODO Internet Security
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security
b90.1320: \SystemRoot\System32\cmdvrt64.dll:
b90.1320: CreationTime: 2015-04-02T01:47:20.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:47:20.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:38:13.418841300Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0x576d8
b90.1320: NT Headers: 0x100
b90.1320: Timestamp: 0x551c2757
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c2757
b90.1320: Image Version: 0.0
b90.1320: SizeOfImage: 0x5d000 (380928)
b90.1320: Resource Dir: 0x5b000 LB 0x5ac
b90.1320: ProductName: COMODO Internet Security
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security
b90.1320: \SystemRoot\System32\cmdkbd64.dll:
b90.1320: CreationTime: 2015-04-02T01:46:52.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:46:52.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:38:13.193387300Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0xb2d8
b90.1320: NT Headers: 0xe8
b90.1320: Timestamp: 0x551c2750
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c2750
b90.1320: Image Version: 0.0
b90.1320: SizeOfImage: 0xf000 (61440)
b90.1320: Resource Dir: 0xd000 LB 0x5ac
b90.1320: ProductName: COMODO Internet Security
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security
b90.1320: \SystemRoot\System32\cmdcsr.dll:
b90.1320: CreationTime: 2015-04-02T01:48:26.000000000Z
b90.1320: LastWriteTime: 2015-04-02T01:48:26.000000000Z
b90.1320: ChangeTime: 2015-04-27T21:38:13.125383200Z
b90.1320: FileAttributes: 0x20
b90.1320: Size: 0xa120
b90.1320: NT Headers: 0xd8
b90.1320: Timestamp: 0x551c274d
b90.1320: Machine: 0x8664 - amd64
b90.1320: Timestamp: 0x551c274d
b90.1320: Image Version: 0.0
b90.1320: SizeOfImage: 0xc000 (49152)
b90.1320: Resource Dir: 0xa000 LB 0x4a8
b90.1320: ProductName: COMODO Internet Security
b90.1320: ProductVersion: 8, 2, 0, 4508
b90.1320: FileVersion: 8, 2, 0, 4508
b90.1320: FileDescription: COMODO Internet Security
b90.1320: Calling main()
b90.1320: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
b90.1320: SUPR3HardenedMain: Respawn #1
b90.1320: System32: \Device\HarddiskVolume2\Windows\System32
b90.1320: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
b90.1320: KnownDllPath: C:\Windows\system32
b90.1320: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b90.1320: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
b90.1320: supR3HardNtEnableThreadCreation:
b90.1320: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa552d8eb0 pvNtTerminateThread=00007ffa553516f0
b90.1320: supR3HardenedWinDoReSpawn(1): New child 12b4.7e0 [kernel32].
b90.1320: supR3HardNtChildGatherData: PebBaseAddress=00007ff797fa6000 cbPeb=0x388
b90.1320: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa552c0000 uNtDllChildAddr=00007ffa552c0000
b90.1320: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa552d8eb0
b90.1320: supR3HardenedWinSetupChildInit: Start child.
b90.1320: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
b90.1320: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 60 sleeps
b90.1320: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
b90.1320: *0000000000000000-ffffffffffefffff 0x0001/0x0000 0x0000000
b90.1320: *0000000000100000-00000000000dffff 0x0004/0x0004 0x0020000
b90.1320: *0000000000120000-0000000000110fff 0x0002/0x0002 0x0040000
b90.1320: 000000000012f000-000000000012dfff 0x0001/0x0000 0x0000000
b90.1320: *0000000000130000-0000000000033fff 0x0000/0x0004 0x0020000
b90.1320: 000000000022c000-0000000000228fff 0x0104/0x0004 0x0020000
b90.1320: 000000000022f000-000000000022dfff 0x0004/0x0004 0x0020000
b90.1320: *0000000000230000-000000000022bfff 0x0002/0x0002 0x0040000
b90.1320: 0000000000234000-0000000000227fff 0x0001/0x0000 0x0000000
b90.1320: *0000000000240000-000000000023dfff 0x0004/0x0004 0x0020000
b90.1320: 0000000000242000-ffffffff804a3fff 0x0001/0x0000 0x0000000
b90.1320: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
b90.1320: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
b90.1320: 000000007fff0000-ffff80096805ffff 0x0001/0x0000 0x0000000
b90.1320: *00007ff797f80000-00007ff797f5cfff 0x0002/0x0002 0x0040000
b90.1320: 00007ff797fa3000-00007ff797f9ffff 0x0001/0x0000 0x0000000
b90.1320: *00007ff797fa6000-00007ff797fa4fff 0x0004/0x0004 0x0020000
b90.1320: 00007ff797fa7000-00007ff797f9ffff 0x0001/0x0000 0x0000000
b90.1320: *00007ff797fae000-00007ff797fabfff 0x0004/0x0004 0x0020000
b90.1320: 00007ff797fb0000-00007ff797c9ffff 0x0001/0x0000 0x0000000
b90.1320: *00007ff7982c0000-00007ff7982befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff7982c1000-00007ff79823cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798345000-00007ff798343fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798346000-00007ff798308fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798383000-00007ff798381fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798384000-00007ff798382fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798385000-00007ff798382fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798387000-00007ff798385fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798388000-00007ff798386fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff798389000-00007ff798384fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff79838d000-00007ff798353fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
b90.1320: 00007ff7983c6000-00007ff4db4cbfff 0x0001/0x0000 0x0000000
b90.1320: *00007ffa552c0000-00007ffa552befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa552c1000-00007ffa55194fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa553ed000-00007ffa553e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa553f3000-00007ffa553e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa55400000-00007ffa553fefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa55401000-00007ffa553fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa55404000-00007ffa55402fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa55405000-00007ffa5539dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
b90.1320: 00007ffa5546c000-00007ff4aa8f7fff 0x0001/0x0000 0x0000000
b90.1320: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
b90.1320: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
b90.1320: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b90.1320: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
b90.1320: supR3HardNtChildPurify: Done after 541 ms and 0 fixes (loop #0).
b90.1320: supR3HardNtEnableThreadCreation:
12b4.7e0: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
12b4.7e0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa552c0000
12b4.7e0: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
12b4.7e0: New simple heap: #1 0000000000350000 LB 0x400000 (for 1753088 allocation)
12b4.7e0: System32: \Device\HarddiskVolume2\Windows\System32
12b4.7e0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
12b4.7e0: KnownDllPath: C:\Windows\system32
12b4.7e0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
12b4.7e0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
12b4.7e0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
12b4.7e0: Registered Dll notification callback with NTDLL.
12b4.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
12b4.7e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
12b4.7e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
12b4.7e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
12b4.7e0: supR3HardenedDllNotificationCallback: load 00007ffa524e0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
12b4.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
12b4.7e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
12b4.7e0: supR3HardenedDllNotificationCallback: load 00007ffa52fc0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
12b4.7e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
12b4.7e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52fc0000 'C:\Windows\system32\KERNEL32.DLL'
12b4.7e0: supR3HardenedDllNotificationCallback: load 00007ff7982c0000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
12b4.7e0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12b4.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
12b4.7e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa552d8eb0 pvNtTerminateThread=00007ffa553516f0
b90.1320: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 58 ms.
12b4.7e0: \SystemRoot\System32\ntdll.dll:
12b4.7e0: CreationTime: 2015-04-23T19:36:15.400924000Z
12b4.7e0: LastWriteTime: 2015-03-23T21:59:25.551884100Z
12b4.7e0: ChangeTime: 2015-04-23T21:14:44.553149800Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x1a7540
12b4.7e0: NT Headers: 0xd8
12b4.7e0: Timestamp: 0x550f4336
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x550f4336
12b4.7e0: Image Version: 6.3
12b4.7e0: SizeOfImage: 0x1ac000 (1753088)
12b4.7e0: Resource Dir: 0x148000 LB 0x62450
12b4.7e0: ProductName: Microsoft® Windows® Operating System
12b4.7e0: ProductVersion: 6.3.9600.17736
12b4.7e0: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
12b4.7e0: FileDescription: NT Layer DLL
12b4.7e0: \SystemRoot\System32\kernel32.dll:
12b4.7e0: CreationTime: 2015-04-23T19:59:59.056995000Z
12b4.7e0: LastWriteTime: 2014-10-29T04:09:24.572407200Z
12b4.7e0: ChangeTime: 2015-04-23T21:16:05.681031700Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x13fc30
12b4.7e0: NT Headers: 0xf8
12b4.7e0: Timestamp: 0x545054ca
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x545054ca
12b4.7e0: Image Version: 6.3
12b4.7e0: SizeOfImage: 0x13e000 (1302528)
12b4.7e0: Resource Dir: 0x12e000 LB 0x518
12b4.7e0: ProductName: Microsoft® Windows® Operating System
12b4.7e0: ProductVersion: 6.3.9600.17415
12b4.7e0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
12b4.7e0: FileDescription: Windows NT BASE API Client DLL
12b4.7e0: \SystemRoot\System32\KernelBase.dll:
12b4.7e0: CreationTime: 2015-04-23T20:00:18.963418600Z
12b4.7e0: LastWriteTime: 2014-10-29T03:55:08.402989600Z
12b4.7e0: ChangeTime: 2015-04-23T21:16:06.743557100Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x114a90
12b4.7e0: NT Headers: 0xf0
12b4.7e0: Timestamp: 0x54505737
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x54505737
12b4.7e0: Image Version: 6.3
12b4.7e0: SizeOfImage: 0x115000 (1134592)
12b4.7e0: Resource Dir: 0x110000 LB 0x3528
12b4.7e0: ProductName: Microsoft® Windows® Operating System
12b4.7e0: ProductVersion: 6.3.9600.17415
12b4.7e0: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
12b4.7e0: FileDescription: Windows NT BASE API Client DLL
12b4.7e0: \SystemRoot\System32\apisetschema.dll:
12b4.7e0: CreationTime: 2013-08-22T12:13:09.745625900Z
12b4.7e0: LastWriteTime: 2013-08-22T12:35:12.091034400Z
12b4.7e0: ChangeTime: 2015-04-23T15:30:04.196438300Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x11360
12b4.7e0: NT Headers: 0xd0
12b4.7e0: Timestamp: 0x52160049
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x52160049
12b4.7e0: Image Version: 6.3
12b4.7e0: SizeOfImage: 0x13000 (77824)
12b4.7e0: Resource Dir: 0x11000 LB 0x3f8
12b4.7e0: ProductName: Microsoft® Windows® Operating System
12b4.7e0: ProductVersion: 6.3.9600.16384
12b4.7e0: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
12b4.7e0: FileDescription: ApiSet Schema DLL
12b4.7e0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
12b4.7e0: supR3HardenedWinFindAdversaries: 0x800
12b4.7e0: \SystemRoot\System32\drivers\cmdguard.sys:
12b4.7e0: CreationTime: 2015-04-02T01:50:14.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:50:14.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:39:26.328323200Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0xc86d8
12b4.7e0: NT Headers: 0xe0
12b4.7e0: Timestamp: 0x551c273e
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c273e
12b4.7e0: Image Version: 6.2
12b4.7e0: SizeOfImage: 0xd4000 (868352)
12b4.7e0: Resource Dir: 0xd1000 LB 0x3c8
12b4.7e0: ProductName: COMODO Internet Security Sandbox Driver
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security Sandbox Driver
12b4.7e0: \SystemRoot\System32\drivers\cmderd.sys:
12b4.7e0: CreationTime: 2015-04-02T01:50:10.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:50:10.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:39:25.307611600Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x50d8
12b4.7e0: NT Headers: 0xe8
12b4.7e0: Timestamp: 0x551c26f3
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c26f3
12b4.7e0: Image Version: 6.1
12b4.7e0: SizeOfImage: 0x9000 (36864)
12b4.7e0: Resource Dir: 0x7000 LB 0x3f0
12b4.7e0: ProductName: COMODO Internet Security Eradication Driver
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508 built by: WinDDK
12b4.7e0: FileDescription: COMODO Internet Security Eradication Driver
12b4.7e0: \SystemRoot\System32\drivers\inspect.sys:
12b4.7e0: CreationTime: 2015-04-02T01:50:20.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:50:20.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:39:37.453002400Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x1ef00
12b4.7e0: NT Headers: 0xd8
12b4.7e0: Timestamp: 0x551c272a
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c272a
12b4.7e0: Image Version: 6.2
12b4.7e0: SizeOfImage: 0x21000 (135168)
12b4.7e0: Resource Dir: 0x1f000 LB 0x3c8
12b4.7e0: ProductName: COMODO Internet Security Firewall Driver
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security Firewall Driver
12b4.7e0: \SystemRoot\System32\drivers\cmdhlp.sys:
12b4.7e0: CreationTime: 2015-04-02T01:50:16.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:50:16.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:39:30.321151400Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x8908
12b4.7e0: NT Headers: 0xd8
12b4.7e0: Timestamp: 0x551c272e
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c272e
12b4.7e0: Image Version: 6.2
12b4.7e0: SizeOfImage: 0xc000 (49152)
12b4.7e0: Resource Dir: 0xa000 LB 0x3c0
12b4.7e0: ProductName: COMODO Internet Security Helper Driver
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security Helper Driver
12b4.7e0: \SystemRoot\System32\guard64.dll:
12b4.7e0: CreationTime: 2015-04-02T01:48:16.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:48:16.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:38:13.422823200Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x8cd50
12b4.7e0: NT Headers: 0x118
12b4.7e0: Timestamp: 0x551c2754
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c2754
12b4.7e0: Image Version: 0.0
12b4.7e0: SizeOfImage: 0x95000 (610304)
12b4.7e0: Resource Dir: 0x92000 LB 0xd80
12b4.7e0: ProductName: COMODO Internet Security
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security
12b4.7e0: \SystemRoot\System32\cmdvrt64.dll:
12b4.7e0: CreationTime: 2015-04-02T01:47:20.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:47:20.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:38:13.418841300Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0x576d8
12b4.7e0: NT Headers: 0x100
12b4.7e0: Timestamp: 0x551c2757
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c2757
12b4.7e0: Image Version: 0.0
12b4.7e0: SizeOfImage: 0x5d000 (380928)
12b4.7e0: Resource Dir: 0x5b000 LB 0x5ac
12b4.7e0: ProductName: COMODO Internet Security
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security
12b4.7e0: \SystemRoot\System32\cmdkbd64.dll:
12b4.7e0: CreationTime: 2015-04-02T01:46:52.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:46:52.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:38:13.193387300Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0xb2d8
12b4.7e0: NT Headers: 0xe8
12b4.7e0: Timestamp: 0x551c2750
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c2750
12b4.7e0: Image Version: 0.0
12b4.7e0: SizeOfImage: 0xf000 (61440)
12b4.7e0: Resource Dir: 0xd000 LB 0x5ac
12b4.7e0: ProductName: COMODO Internet Security
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security
12b4.7e0: \SystemRoot\System32\cmdcsr.dll:
12b4.7e0: CreationTime: 2015-04-02T01:48:26.000000000Z
12b4.7e0: LastWriteTime: 2015-04-02T01:48:26.000000000Z
12b4.7e0: ChangeTime: 2015-04-27T21:38:13.125383200Z
12b4.7e0: FileAttributes: 0x20
12b4.7e0: Size: 0xa120
12b4.7e0: NT Headers: 0xd8
12b4.7e0: Timestamp: 0x551c274d
12b4.7e0: Machine: 0x8664 - amd64
12b4.7e0: Timestamp: 0x551c274d
12b4.7e0: Image Version: 0.0
12b4.7e0: SizeOfImage: 0xc000 (49152)
12b4.7e0: Resource Dir: 0xa000 LB 0x4a8
12b4.7e0: ProductName: COMODO Internet Security
12b4.7e0: ProductVersion: 8, 2, 0, 4508
12b4.7e0: FileVersion: 8, 2, 0, 4508
12b4.7e0: FileDescription: COMODO Internet Security
12b4.7e0: Calling main()
12b4.7e0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
12b4.7e0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12b4.7e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
12b4.7e0: SUPR3HardenedMain: Respawn #2
12b4.7e0: supR3HardNtEnableThreadCreation:
12b4.7e0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa552d8eb0 pvNtTerminateThread=00007ffa553516f0
12b4.7e0: supR3HardenedWinDoReSpawn(2): New child 1258.1640 [kernel32].
12b4.7e0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
12b4.7e0: supR3HardNtChildGatherData: PebBaseAddress=00007ff7981cd000 cbPeb=0x388
12b4.7e0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa552c0000 uNtDllChildAddr=00007ffa552c0000
12b4.7e0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa552d8eb0
12b4.7e0: supR3HardenedWinSetupChildInit: Start child.
12b4.7e0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
12b4.7e0: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 59 sleeps
12b4.7e0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12b4.7e0: *0000000000000000-ffffffffff41ffff 0x0001/0x0000 0x0000000
12b4.7e0: *0000000000be0000-0000000000bbffff 0x0004/0x0004 0x0020000
12b4.7e0: *0000000000c00000-0000000000bf0fff 0x0002/0x0002 0x0040000
12b4.7e0: 0000000000c0f000-0000000000c0dfff 0x0001/0x0000 0x0000000
12b4.7e0: *0000000000c10000-0000000000b13fff 0x0000/0x0004 0x0020000
12b4.7e0: 0000000000d0c000-0000000000d08fff 0x0104/0x0004 0x0020000
12b4.7e0: 0000000000d0f000-0000000000d0dfff 0x0004/0x0004 0x0020000
12b4.7e0: *0000000000d10000-0000000000d0bfff 0x0002/0x0002 0x0040000
12b4.7e0: 0000000000d14000-0000000000d07fff 0x0001/0x0000 0x0000000
12b4.7e0: *0000000000d20000-0000000000d1dfff 0x0004/0x0004 0x0020000
12b4.7e0: 0000000000d22000-ffffffff81a63fff 0x0001/0x0000 0x0000000
12b4.7e0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
12b4.7e0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
12b4.7e0: 000000007fff0000-ffff800967e3ffff 0x0001/0x0000 0x0000000
12b4.7e0: *00007ff7981a0000-00007ff79817cfff 0x0002/0x0002 0x0040000
12b4.7e0: 00007ff7981c3000-00007ff7981b8fff 0x0001/0x0000 0x0000000
12b4.7e0: *00007ff7981cd000-00007ff7981cbfff 0x0004/0x0004 0x0020000
12b4.7e0: *00007ff7981ce000-00007ff7981cbfff 0x0004/0x0004 0x0020000
12b4.7e0: 00007ff7981d0000-00007ff7980dffff 0x0001/0x0000 0x0000000
12b4.7e0: *00007ff7982c0000-00007ff7982befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff7982c1000-00007ff79823cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798345000-00007ff798343fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798346000-00007ff798308fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798383000-00007ff798381fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798384000-00007ff798382fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798385000-00007ff798382fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798387000-00007ff798385fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798388000-00007ff798386fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff798389000-00007ff798384fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff79838d000-00007ff798353fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
12b4.7e0: 00007ff7983c6000-00007ff4db4cbfff 0x0001/0x0000 0x0000000
12b4.7e0: *00007ffa552c0000-00007ffa552befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa552c1000-00007ffa55194fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa553ed000-00007ffa553e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa553f3000-00007ffa553e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa55400000-00007ffa553fefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa55401000-00007ffa553fdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa55404000-00007ffa55402fff 0x0010/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa55405000-00007ffa5539dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
12b4.7e0: 00007ffa5546c000-00007ff4aa8f7fff 0x0001/0x0000 0x0000000
12b4.7e0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
12b4.7e0: VirtualBox.exe: timestamp 0x550706a7 (rc=VINF_SUCCESS)
12b4.7e0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
12b4.7e0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
12b4.7e0: supR3HardNtChildPurify: Done after 539 ms and 0 fixes (loop #0).
1258.1640: Log file opened: 4.3.26r98988 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
1258.1640: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa552c0000
12b4.7e0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000350000 LB 0x400000)
1258.1640: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
1258.1640: New simple heap: #1 0000000000e30000 LB 0x400000 (for 1753088 allocation)
12b4.7e0: supR3HardNtEnableThreadCreation:
1258.1640: System32: \Device\HarddiskVolume2\Windows\System32
1258.1640: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1258.1640: KnownDllPath: C:\Windows\system32
1258.1640: supR3HardenedVmProcessInit: Opening vboxdrv...
1258.1640: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1258.1640: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1258.1640: Registered Dll notification callback with NTDLL.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa524e0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52fc0000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52fc0000 'C:\Windows\system32\KERNEL32.DLL'
1258.1640: supR3HardenedDllNotificationCallback: load 00007ff7982c0000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1258.1640: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1258.1640: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa552d8eb0 pvNtTerminateThread=00007ffa553516f0
12b4.7e0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 61 ms.
1258.1640: \SystemRoot\System32\ntdll.dll:
1258.1640: CreationTime: 2015-04-23T19:36:15.400924000Z
1258.1640: LastWriteTime: 2015-03-23T21:59:25.551884100Z
1258.1640: ChangeTime: 2015-04-23T21:14:44.553149800Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x1a7540
1258.1640: NT Headers: 0xd8
1258.1640: Timestamp: 0x550f4336
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x550f4336
1258.1640: Image Version: 6.3
1258.1640: SizeOfImage: 0x1ac000 (1753088)
1258.1640: Resource Dir: 0x148000 LB 0x62450
1258.1640: ProductName: Microsoft® Windows® Operating System
1258.1640: ProductVersion: 6.3.9600.17736
1258.1640: FileVersion: 6.3.9600.17736 (winblue_r9.150322-1500)
1258.1640: FileDescription: NT Layer DLL
1258.1640: \SystemRoot\System32\kernel32.dll:
1258.1640: CreationTime: 2015-04-23T19:59:59.056995000Z
1258.1640: LastWriteTime: 2014-10-29T04:09:24.572407200Z
1258.1640: ChangeTime: 2015-04-23T21:16:05.681031700Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x13fc30
1258.1640: NT Headers: 0xf8
1258.1640: Timestamp: 0x545054ca
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x545054ca
1258.1640: Image Version: 6.3
1258.1640: SizeOfImage: 0x13e000 (1302528)
1258.1640: Resource Dir: 0x12e000 LB 0x518
1258.1640: ProductName: Microsoft® Windows® Operating System
1258.1640: ProductVersion: 6.3.9600.17415
1258.1640: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
1258.1640: FileDescription: Windows NT BASE API Client DLL
1258.1640: \SystemRoot\System32\KernelBase.dll:
1258.1640: CreationTime: 2015-04-23T20:00:18.963418600Z
1258.1640: LastWriteTime: 2014-10-29T03:55:08.402989600Z
1258.1640: ChangeTime: 2015-04-23T21:16:06.743557100Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x114a90
1258.1640: NT Headers: 0xf0
1258.1640: Timestamp: 0x54505737
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x54505737
1258.1640: Image Version: 6.3
1258.1640: SizeOfImage: 0x115000 (1134592)
1258.1640: Resource Dir: 0x110000 LB 0x3528
1258.1640: ProductName: Microsoft® Windows® Operating System
1258.1640: ProductVersion: 6.3.9600.17415
1258.1640: FileVersion: 6.3.9600.17415 (winblue_r4.141028-1500)
1258.1640: FileDescription: Windows NT BASE API Client DLL
1258.1640: \SystemRoot\System32\apisetschema.dll:
1258.1640: CreationTime: 2013-08-22T12:13:09.745625900Z
1258.1640: LastWriteTime: 2013-08-22T12:35:12.091034400Z
1258.1640: ChangeTime: 2015-04-23T15:30:04.196438300Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x11360
1258.1640: NT Headers: 0xd0
1258.1640: Timestamp: 0x52160049
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x52160049
1258.1640: Image Version: 6.3
1258.1640: SizeOfImage: 0x13000 (77824)
1258.1640: Resource Dir: 0x11000 LB 0x3f8
1258.1640: ProductName: Microsoft® Windows® Operating System
1258.1640: ProductVersion: 6.3.9600.16384
1258.1640: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
1258.1640: FileDescription: ApiSet Schema DLL
1258.1640: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1258.1640: supR3HardenedWinFindAdversaries: 0x800
1258.1640: \SystemRoot\System32\drivers\cmdguard.sys:
1258.1640: CreationTime: 2015-04-02T01:50:14.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:50:14.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:39:26.328323200Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0xc86d8
1258.1640: NT Headers: 0xe0
1258.1640: Timestamp: 0x551c273e
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c273e
1258.1640: Image Version: 6.2
1258.1640: SizeOfImage: 0xd4000 (868352)
1258.1640: Resource Dir: 0xd1000 LB 0x3c8
1258.1640: ProductName: COMODO Internet Security Sandbox Driver
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security Sandbox Driver
1258.1640: \SystemRoot\System32\drivers\cmderd.sys:
1258.1640: CreationTime: 2015-04-02T01:50:10.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:50:10.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:39:25.307611600Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x50d8
1258.1640: NT Headers: 0xe8
1258.1640: Timestamp: 0x551c26f3
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c26f3
1258.1640: Image Version: 6.1
1258.1640: SizeOfImage: 0x9000 (36864)
1258.1640: Resource Dir: 0x7000 LB 0x3f0
1258.1640: ProductName: COMODO Internet Security Eradication Driver
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508 built by: WinDDK
1258.1640: FileDescription: COMODO Internet Security Eradication Driver
1258.1640: \SystemRoot\System32\drivers\inspect.sys:
1258.1640: CreationTime: 2015-04-02T01:50:20.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:50:20.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:39:37.453002400Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x1ef00
1258.1640: NT Headers: 0xd8
1258.1640: Timestamp: 0x551c272a
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c272a
1258.1640: Image Version: 6.2
1258.1640: SizeOfImage: 0x21000 (135168)
1258.1640: Resource Dir: 0x1f000 LB 0x3c8
1258.1640: ProductName: COMODO Internet Security Firewall Driver
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security Firewall Driver
1258.1640: \SystemRoot\System32\drivers\cmdhlp.sys:
1258.1640: CreationTime: 2015-04-02T01:50:16.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:50:16.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:39:30.321151400Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x8908
1258.1640: NT Headers: 0xd8
1258.1640: Timestamp: 0x551c272e
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c272e
1258.1640: Image Version: 6.2
1258.1640: SizeOfImage: 0xc000 (49152)
1258.1640: Resource Dir: 0xa000 LB 0x3c0
1258.1640: ProductName: COMODO Internet Security Helper Driver
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security Helper Driver
1258.1640: \SystemRoot\System32\guard64.dll:
1258.1640: CreationTime: 2015-04-02T01:48:16.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:48:16.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:38:13.422823200Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x8cd50
1258.1640: NT Headers: 0x118
1258.1640: Timestamp: 0x551c2754
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c2754
1258.1640: Image Version: 0.0
1258.1640: SizeOfImage: 0x95000 (610304)
1258.1640: Resource Dir: 0x92000 LB 0xd80
1258.1640: ProductName: COMODO Internet Security
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security
1258.1640: \SystemRoot\System32\cmdvrt64.dll:
1258.1640: CreationTime: 2015-04-02T01:47:20.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:47:20.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:38:13.418841300Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0x576d8
1258.1640: NT Headers: 0x100
1258.1640: Timestamp: 0x551c2757
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c2757
1258.1640: Image Version: 0.0
1258.1640: SizeOfImage: 0x5d000 (380928)
1258.1640: Resource Dir: 0x5b000 LB 0x5ac
1258.1640: ProductName: COMODO Internet Security
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security
1258.1640: \SystemRoot\System32\cmdkbd64.dll:
1258.1640: CreationTime: 2015-04-02T01:46:52.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:46:52.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:38:13.193387300Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0xb2d8
1258.1640: NT Headers: 0xe8
1258.1640: Timestamp: 0x551c2750
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c2750
1258.1640: Image Version: 0.0
1258.1640: SizeOfImage: 0xf000 (61440)
1258.1640: Resource Dir: 0xd000 LB 0x5ac
1258.1640: ProductName: COMODO Internet Security
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security
1258.1640: \SystemRoot\System32\cmdcsr.dll:
1258.1640: CreationTime: 2015-04-02T01:48:26.000000000Z
1258.1640: LastWriteTime: 2015-04-02T01:48:26.000000000Z
1258.1640: ChangeTime: 2015-04-27T21:38:13.125383200Z
1258.1640: FileAttributes: 0x20
1258.1640: Size: 0xa120
1258.1640: NT Headers: 0xd8
1258.1640: Timestamp: 0x551c274d
1258.1640: Machine: 0x8664 - amd64
1258.1640: Timestamp: 0x551c274d
1258.1640: Image Version: 0.0
1258.1640: SizeOfImage: 0xc000 (49152)
1258.1640: Resource Dir: 0xa000 LB 0x4a8
1258.1640: ProductName: COMODO Internet Security
1258.1640: ProductVersion: 8, 2, 0, 4508
1258.1640: FileVersion: 8, 2, 0, 4508
1258.1640: FileDescription: COMODO Internet Security
1258.1640: Calling main()
1258.1640: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1258.1640: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1258.1640: SUPR3HardenedMain: Final process, opening VBoxDrv...
1258.1640: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e30000 LB 0x400000)
1258.1640: supR3HardNtEnableThreadCreation:
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa50810000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50810000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50810000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50810000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa54bc0000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa524c0000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52700000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa54e00000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa528e0000 LB 0x00051000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\system32\Wintrust.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51c70000 LB 0x00020000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51ec0000 LB 0x00026000 C:\Windows\SYSTEM32\bcrypt.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51890000 LB 0x00036000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52200000 LB 0x00063000 C:\Windows\SYSTEM32\bcryptPrimitives.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52270000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52fc0000 'C:\Windows\system32\kernel32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\CRYPT32.dll'
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52940000 LB 0x00016000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntasn1.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntasn1.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51e50000 LB 0x00037000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51e90000 LB 0x00025000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52200000 'C:\Windows\system32\bcryptprimitives.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa53260000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51590000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52400000 LB 0x00015000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa54f50000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa40b80000 LB 0x00039000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\system32\cryptnet.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 2 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa40b80000 'C:\Windows\System32\cryptnet.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 2 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52d20000 LB 0x000aa000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C388B9F1A03B08C9E0419963B4B8BEF1136190E
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54e00000 'C:\Windows\system32\rpcrt4.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_31_for_KB3045999~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
1258.1640: g_pfnWinVerifyTrust=00007ffa528e1050
1258.1640: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1258.1640: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ntasn1.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1258.1640: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1258.1640: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=23
1258.1640: SUPR3HardenedMain: Load Runtime...
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\nsi.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00000000601a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 0000000060100000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa547e0000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa54970000 LB 0x0005a000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa3e1a0000 LB 0x00531000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3e1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\system32\Wintrust.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: SUPR3HardenedMain: Load TrustedMain...
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\devobj.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shell32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1258.1640: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\imm32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msctf.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1258.1640: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1640: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa54c80000 LB 0x00177000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa55010000 LB 0x00151000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4ccb0000 LB 0x00009000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa451d0000 LB 0x000f8000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa503f0000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa42860000 LB 0x0012b000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52960000 LB 0x00211000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52b80000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 000000005fe20000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa54fb0000 LB 0x00054000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4f7f0000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\COMCTL32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa532c0000 LB 0x01518000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa50970000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa548b0000 LB 0x000b6000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa551f0000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa53100000 LB 0x00152000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52f80000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52600000 LB 0x0004f000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa51220000 LB 0x00028000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4d980000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4f0b0000 LB 0x00022000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4d4b0000 LB 0x00082000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
1258.1640: supR3HardenedDllNotificationCallback: load 000000005f4b0000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1258.1640: supR3HardenedDllNotificationCallback: load 000000005f3a0000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
1258.1640: supR3HardenedDllNotificationCallback: load 000000005f2c0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa36fb0000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\SHCore.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2439957F4F4E64F3771B4CC408D22259C95DE82
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=090BF7C2666F3FF583BB59D31C1CC1CF305DE9C0
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3032323~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F29C5E10B41703F37F876FBDAF2EA1AEB908918
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1242_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=832AE7EFDC6DDBE1A3371D29771A385D19CE3E5A
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46F3EC55D7EDCC524FCBA343C275D945026CBC93
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1534_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2439957F4F4E64F3771B4CC408D22259C95DE82
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52f80000 'C:\Windows\system32\imm32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa36fb0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1258.1640: SUPR3HardenedMain: Calling TrustedMain (00007ffa36fb1ca0)...
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000062c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa510c0000 LB 0x00129000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa50770000 LB 0x00021000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa511f0000 LB 0x0000b000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa532c0000 'C:\Windows\system32\shell32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52fc0000 'C:\Windows\system32\kernel32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54c80000 'C:\Windows\system32\user32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa510c0000 'C:\Windows\system32\uxtheme.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54c80000 'C:\Windows\system32\user32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52d20000 'C:\Windows\system32\advapi32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa519a0000 LB 0x00021000 C:\Windows\system32\userenv.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa519a0000 'C:\Windows\system32\userenv.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52fc0000 'C:\Windows\system32\kernel32.dll'
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa547f0000 LB 0x000b6000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa551f0000 'C:\Windows\System32\oleaut32.dll'
1258.1640: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa52280000 LB 0x00099000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000069c pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_846_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa551f0000 'C:\Windows\system32\OLEAUT32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa55010000 'C:\Windows\system32\gdi32.dll'
1258.ffc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.ffc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.ffc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.ffc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.ffc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.ffc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.ffc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1258.ffc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
1258.ffc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
1258.ffc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.ffc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.ffc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.ffc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.ffc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1258.ffc: supR3HardenedDllNotificationCallback: load 00007ffa3d000000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1258.ffc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1258.ffc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3d000000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa54c80000 'C:\Windows\system32\user32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa532c0000 'C:\Windows\system32\shell32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52b80000 'C:\Windows\system32\ole32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa53100000 'C:\Windows\system32\MSCTF.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52b80000 'C:\Windows\system32\ole32.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa551f0000 'C:\Windows\system32\OLEAUT32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a74 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa3ee60000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa3a830000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa524e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3a830000 'C:\Windows\system32\wbem\wbemprox.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa3eaa0000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3eaa0000 'C:\Windows\system32\wbem\wbemsvc.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa524e0000 'api-ms-win-core-localization-l1-2-0.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa524e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a04 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa3eac0000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3eac0000 'C:\Windows\system32\wbem\fastprox.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll' [redir]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f7f0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.cd8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.cd8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1258.cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
1258.cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.cd8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.cd8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1258.cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1258.cd8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
1258.cd8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
1258.cd8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1258.cd8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.cd8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.cd8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.cd8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1258.cd8: supR3HardenedDllNotificationCallback: load 000000005f1b0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
1258.cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1258.cd8: supR3HardenedDllNotificationCallback: load 00007ffa41a30000 LB 0x00261000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
1258.cd8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.cd8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa41a30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1404: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1404: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1258.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.1404: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1258.1404: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
1258.1404: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1258.1404: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1404: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1404: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1258.1404: supR3HardenedDllNotificationCallback: load 00007ffa50380000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
1258.1404: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1258.1404: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50380000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
1258.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1368: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1368: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1368: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.1368: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.1368: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.1368: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1258.1368: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
1258.1368: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1258.1368: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.1368: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.1368: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.1368: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.1368: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1368: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1258.1368: supR3HardenedDllNotificationCallback: load 00007ffa50340000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
1258.1368: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1258.1368: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50340000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
1258.8a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.8a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.8a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.8a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.8a4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.8a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.8a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.8a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.8a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1258.8a4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.8a4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
1258.8a4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1258.8a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.8a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.8a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.8a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.8a4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.8a4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.8a4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.8a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.8a4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1258.8a4: supR3HardenedDllNotificationCallback: load 00007ffa4fde0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
1258.8a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1258.8a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fde0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
1258.e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.e84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.e84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1258.e84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.e84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
1258.e84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1258.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1258.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1258.e84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1258.e84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.e84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.e84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.e84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1258.e84: supR3HardenedDllNotificationCallback: load 00007ffa4fdd0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
1258.e84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1258.e84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa532c0000 'C:\Windows\system32/Shell32.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
1258.514: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c64 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B90F53BC1E04734936A6993D9005F5A7C816F8F
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa549d0000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4a460000 LB 0x00016000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa3bf20000 LB 0x00056000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4fe70000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4f970000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4c270000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4c290000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa366d0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa366d0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c4c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.514: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa3d000000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f970000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.15a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.15a8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.15a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.15a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.15a8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\certsentry.dll': 0 (NtPath=\??\C:\Windows\system32\certsentry.dll; Input=certsentry.dll; rcNtGetDll=0xc0000135
1258.15a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\certsentry.dll (Input=certsentry.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.15a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\certsentry.dll'
1258.15a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1258.15a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1258.15a8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1258.15a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
1258.15a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1258.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1258.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1258.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1258.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1258.15a8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1258.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1258.15a8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1258.15a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.15a8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1258.15a8: supR3HardenedDllNotificationCallback: load 00007ffa4fdc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
1258.15a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1258.15a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa523a0000 LB 0x00046000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa48490000 LB 0x0009d000 C:\Windows\System32\dsound.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa48490000 'C:\Windows\System32\dsound.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa48490000 'C:\Windows\System32\dsound.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4f3a0000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f3a0000 'C:\Windows\System32\MMDevApi.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f3a0000 'C:\Windows\system32\MMDEVAPI.DLL'
1258.c90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.c90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.c90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.c90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1258.c90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
1258.c90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
1258.c90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
1258.c90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll)WinVerifyTrust
1258.c90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
1258.c90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1258.c90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1258.c90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.c90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.c90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.c90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1258.c90: supR3HardenedDllNotificationCallback: load 00007ffa44090000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
1258.c90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1258.c90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa44090000 'C:\Windows\system32\AUDIOSES.DLL'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e48 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4c510000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa50330000 LB 0x0000c000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4f930000 LB 0x0003e000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f930000 'C:\Windows\system32\wdmaud.drv'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e74 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4f9c0000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4fdb0000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fdb0000 'C:\Windows\system32\msacm32.drv'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e78 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
1258.514: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1258.514: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
1258.514: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll)WinVerifyTrust
1258.514: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.514: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardenedDllNotificationCallback: load 00007ffa4fa70000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fa70000 'C:\Windows\system32\midimap.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fa70000 'C:\Windows\system32\midimap.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fa70000 'C:\Windows\system32\midimap.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4fa70000 'C:\Windows\system32\midimap.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f0b0000 'C:\Windows\system32\winmm.dll'
1258.514: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1258.514: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.514: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52fc0000 'C:\Windows\system32/kernel32.dll'
1258.7cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1258.7cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.7cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa50330000 'C:\Windows\system32\avrt.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f14 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa528e0000 'C:\Windows\System32\WINTRUST.DLL'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\CRYPT32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C01A2E8CE3347A322BF0830A5BC147EBA8BAD06F
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4f630000 LB 0x00092000 C:\Windows\system32\mscms.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4f630000 'C:\Windows\system32\mscms.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f44 pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001475710
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47D46A3D26A83E75181F440594F6DC145125C84E
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa51890000 'C:\Windows\system32\rsaenh.dll'
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa52700000 'C:\Windows\system32\crypt32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
1258.1640: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1258.1640: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
1258.1640: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll)WinVerifyTrust
1258.1640: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1258.1640: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1258.1640: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1258.1640: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
1258.1640: supR3HardenedDllNotificationCallback: load 00007ffa4dab0000 LB 0x00041000 C:\Windows\system32\icm32.dll [fFlags=0x0]
1258.1640: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
1258.1640: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa4dab0000 'C:\Windows\system32\icm32.dll'
1258.15a8: supR3HardenedDllNotificationCallback: Unload 00007ffa4fdc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
1258.e84: supR3HardenedDllNotificationCallback: Unload 00007ffa4fdd0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
1258.8a4: supR3HardenedDllNotificationCallback: Unload 00007ffa4fde0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
1258.1368: supR3HardenedDllNotificationCallback: Unload 00007ffa50340000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
1258.1404: supR3HardenedDllNotificationCallback: Unload 00007ffa50380000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa366d0000 LB 0x008d1000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa4fe70000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa3bf20000 LB 0x00056000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa4a460000 LB 0x00016000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa4f970000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa549d0000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa4c290000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [flags=0x0]
1258.514: supR3HardenedDllNotificationCallback: Unload 00007ffa4c270000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [flags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: Unload 00007ffa3eac0000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: Unload 00007ffa3eaa0000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: Unload 00007ffa3a830000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: Unload 00007ffa3ee60000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
1258.1640: supR3HardenedDllNotificationCallback: Unload 00007ffa3d000000 LB 0x004f8000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
1258.1640: Terminating the normal way: rcExit=0
12b4.7e0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2014665 ms, the end);
b90.1320: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2015305 ms, the end);
![http://s30.postimg.org/fmjc3pb9s/logs_1.jpg[/url]](http://s30.postimg.org/fmjc3pb9s/logs_1.jpg%5B/url%5D){kind=link}
![http://s15.postimg.org/s22onj9ru/log_2.jpg[/url]](http://s15.postimg.org/s22onj9ru/log_2.jpg%5B/url%5D){kind=link}