191c.2148: Log file opened: 4.3.18r96516 g_hStartupLog=000000000000002c g_uNtVerCombined=0x611db110 191c.2148: \SystemRoot\System32\ntdll.dll: 191c.2148: CreationTime: 2013-11-03T11:01:59.244738900Z 191c.2148: LastWriteTime: 2013-11-03T11:01:59.245738400Z 191c.2148: ChangeTime: 2014-08-29T00:39:59.836030300Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x1a6dc0 191c.2148: NT Headers: 0xe0 191c.2148: Timestamp: 0x521eaf24 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x521eaf24 191c.2148: Image Version: 6.1 191c.2148: SizeOfImage: 0x1a9000 (1740800) 191c.2148: Resource Dir: 0x151000 LB 0x560d8 191c.2148: ProductName: Microsoft® Windows® Operating System 191c.2148: ProductVersion: 6.1.7601.18247 191c.2148: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 191c.2148: FileDescription: NT Layer DLL 191c.2148: \SystemRoot\System32\kernel32.dll: 191c.2148: CreationTime: 2014-07-10T06:14:03.134341500Z 191c.2148: LastWriteTime: 2014-07-10T06:14:03.136351000Z 191c.2148: ChangeTime: 2014-08-29T00:41:06.912595100Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x11c000 191c.2148: NT Headers: 0xe8 191c.2148: Timestamp: 0x5315a059 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x5315a059 191c.2148: Image Version: 6.1 191c.2148: SizeOfImage: 0x11f000 (1175552) 191c.2148: Resource Dir: 0x116000 LB 0x528 191c.2148: ProductName: Microsoft® Windows® Operating System 191c.2148: ProductVersion: 6.1.7601.18409 191c.2148: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 191c.2148: FileDescription: Windows NT BASE API Client DLL 191c.2148: \SystemRoot\System32\KernelBase.dll: 191c.2148: CreationTime: 2014-07-10T06:20:11.693506000Z 191c.2148: LastWriteTime: 2014-07-10T06:20:11.695512700Z 191c.2148: ChangeTime: 2014-08-29T00:41:06.928219900Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x67c00 191c.2148: NT Headers: 0xe8 191c.2148: Timestamp: 0x5315a05a 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x5315a05a 191c.2148: Image Version: 6.1 191c.2148: SizeOfImage: 0x6c000 (442368) 191c.2148: Resource Dir: 0x6a000 LB 0x530 191c.2148: ProductName: Microsoft® Windows® Operating System 191c.2148: ProductVersion: 6.1.7601.18409 191c.2148: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 191c.2148: FileDescription: Windows NT BASE API Client DLL 191c.2148: \SystemRoot\System32\apisetschema.dll: 191c.2148: CreationTime: 2013-10-15T05:09:13.656534900Z 191c.2148: LastWriteTime: 2013-10-15T05:09:13.657535900Z 191c.2148: ChangeTime: 2014-08-29T00:39:54.393257000Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x1a00 191c.2148: NT Headers: 0xc0 191c.2148: Timestamp: 0x51fb15ca 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x51fb15ca 191c.2148: Image Version: 6.1 191c.2148: SizeOfImage: 0x50000 (327680) 191c.2148: Resource Dir: 0x30000 LB 0x3f8 191c.2148: ProductName: Microsoft® Windows® Operating System 191c.2148: ProductVersion: 6.1.7601.18229 191c.2148: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 191c.2148: FileDescription: ApiSet Schema DLL 191c.2148: Found driver SymNetS (0x2) 191c.2148: Found driver SymDS (0x2) 191c.2148: Found driver SRTSPX (0x2) 191c.2148: Found driver SymEvent (0x2) 191c.2148: Found driver SymIRON (0x2) 191c.2148: supR3HardenedWinFindAdversaries: 0x2 191c.2148: \SystemRoot\System32\drivers\SysPlant.sys: 191c.2148: CreationTime: 2014-08-29T01:01:43.659507100Z 191c.2148: LastWriteTime: 2014-09-02T16:54:35.552810700Z 191c.2148: ChangeTime: 2014-09-02T16:54:35.552810700Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x25d18 191c.2148: NT Headers: 0xf8 191c.2148: Timestamp: 0x509521f1 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x509521f1 191c.2148: Image Version: 5.0 191c.2148: SizeOfImage: 0x2d000 (184320) 191c.2148: Resource Dir: 0x2b000 LB 0x498 191c.2148: ProductName: Symantec CMC Firewall 191c.2148: ProductVersion: 12.1.2015.2015 191c.2148: FileVersion: 12.1.2015.2015 191c.2148: FileDescription: Symantec CMC Firewall SysPlant 191c.2148: \SystemRoot\System32\sysfer.dll: 191c.2148: CreationTime: 2014-08-29T01:01:43.659507100Z 191c.2148: LastWriteTime: 2014-09-02T16:54:35.552810700Z 191c.2148: ChangeTime: 2014-09-02T16:54:35.552810700Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x6ffd0 191c.2148: NT Headers: 0xe8 191c.2148: Timestamp: 0x5095227d 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x5095227d 191c.2148: Image Version: 0.0 191c.2148: SizeOfImage: 0x87000 (552960) 191c.2148: Resource Dir: 0x85000 LB 0x630 191c.2148: ProductName: Symantec CMC Firewall 191c.2148: ProductVersion: 12.1.2015.2015 191c.2148: FileVersion: 12.1.2015.2015 191c.2148: FileDescription: Symantec CMC Firewall sysfer 191c.2148: \SystemRoot\System32\sysferThunk.dll: 191c.2148: CreationTime: 2014-08-29T01:01:43.659507100Z 191c.2148: LastWriteTime: 2014-09-02T16:54:35.552810700Z 191c.2148: ChangeTime: 2014-09-02T16:54:35.552810700Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x2dd0 191c.2148: NT Headers: 0xd0 191c.2148: Timestamp: 0x5095227e 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x5095227e 191c.2148: Image Version: 0.0 191c.2148: SizeOfImage: 0x8000 (32768) 191c.2148: Resource Dir: 0x6000 LB 0x648 191c.2148: ProductName: Symantec CMC Firewall 191c.2148: ProductVersion: 12.1.2015.2015 191c.2148: FileVersion: 12.1.2015.2015 191c.2148: FileDescription: Symantec CMC Firewall SysferThunk 191c.2148: \SystemRoot\System32\drivers\symevent64x86.sys: 191c.2148: CreationTime: 2014-08-29T01:01:56.670324100Z 191c.2148: LastWriteTime: 2014-09-02T16:54:02.671596400Z 191c.2148: ChangeTime: 2014-09-02T16:54:02.671596400Z 191c.2148: FileAttributes: 0x20 191c.2148: Size: 0x2b4a0 191c.2148: NT Headers: 0xe8 191c.2148: Timestamp: 0x50346f1e 191c.2148: Machine: 0x8664 - amd64 191c.2148: Timestamp: 0x50346f1e 191c.2148: Image Version: 6.0 191c.2148: SizeOfImage: 0x38000 (229376) 191c.2148: Resource Dir: 0x36000 LB 0x3c8 191c.2148: ProductName: SYMEVENT 191c.2148: ProductVersion: 12.9.3.1 191c.2148: FileVersion: 12.9.3.1 191c.2148: FileDescription: Symantec Event Library 191c.2148: Calling main() 191c.2148: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 191c.2148: SUPR3HardenedMain: Respawn #1 191c.2148: System32: \Device\HarddiskVolume2\Windows\System32 191c.2148: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 191c.2148: KnownDllPath: C:\WINDOWS\system32 191c.2148: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 191c.2148: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 191c.2148: supR3HardNtEnableThreadCreation: 191c.2148: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778ec340 pvNtTerminateThread=00000000779117e0 191c.2148: supR3HardenedWinDoReSpawn(1): New child 4fc.22ec [kernel32]. 191c.2148: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380 191c.2148: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000778c0000 uNtDllChildAddr=00000000778c0000 191c.2148: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000778ec340 191c.2148: supR3HardenedWinSetupChildInit: Start child. 191c.2148: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 191c.2148: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 52 sleeps 191c.2148: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 191c.2148: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 191c.2148: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 191c.2148: *0000000000030000-0000000000027fff 0x0040/0x0040 0x0020000 !! 191c.2148: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000030000 (0000000000030000 LB 0x8000) 191c.2148: 0000000000038000-000000000002ffff 0x0001/0x0000 0x0000000 191c.2148: *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000 191c.2148: 0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000 191c.2148: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000 191c.2148: 0000000000051000-ffffffffffee1fff 0x0001/0x0000 0x0000000 191c.2148: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000 191c.2148: 00000000002bc000-00000000002b8fff 0x0104/0x0004 0x0020000 191c.2148: 00000000002bf000-00000000002bdfff 0x0004/0x0004 0x0020000 191c.2148: 00000000002c0000-ffffffff88cbffff 0x0001/0x0000 0x0000000 191c.2148: *00000000778c0000-00000000778befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000778c1000-00000000777befff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779c3000-0000000077993fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779f2000-00000000779e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fa000-00000000779f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fb000-00000000779f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fe000-0000000077992fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 0000000077a69000-00000000704f1fff 0x0001/0x0000 0x0000000 191c.2148: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 191c.2148: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 191c.2148: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 191c.2148: 000000007fff0000-ffffffffc051ffff 0x0001/0x0000 0x0000000 191c.2148: *000000013fac0000-000000013fabefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fac1000-000000013fa3cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb45000-000000013fb43fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb46000-000000013fb08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb83000-000000013fb81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb84000-000000013fb82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb85000-000000013fb82fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb87000-000000013fb85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb88000-000000013fb86fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb89000-000000013fb84fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb8d000-000000013fb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fbc6000-fffff8037fbabfff 0x0001/0x0000 0x0000000 191c.2148: *000007feffbe0000-000007feffbdefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 191c.2148: 000007feffbe1000-000007fdff811fff 0x0001/0x0000 0x0000000 191c.2148: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 191c.2148: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000 191c.2148: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000 191c.2148: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000 191c.2148: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000 191c.2148: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 191c.2148: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS) 191c.2148: VBoxHeadless.exe: timestamp 0x5439147b (rc=VINF_SUCCESS) 191c.2148: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 191c.2148: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 191c.2148: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 191c.2148: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0 191c.2148: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 52 sleeps 191c.2148: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 191c.2148: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 191c.2148: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 191c.2148: 0000000000030000-000000000001ffff 0x0001/0x0000 0x0000000 191c.2148: *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000 191c.2148: 0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000 191c.2148: *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000 191c.2148: 0000000000051000-ffffffffffee1fff 0x0001/0x0000 0x0000000 191c.2148: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000 191c.2148: 00000000002bc000-00000000002b8fff 0x0104/0x0004 0x0020000 191c.2148: 00000000002bf000-00000000002bdfff 0x0004/0x0004 0x0020000 191c.2148: 00000000002c0000-ffffffff88cbffff 0x0001/0x0000 0x0000000 191c.2148: *00000000778c0000-00000000778befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000778c1000-00000000777befff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779c3000-0000000077993fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779f2000-00000000779e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fa000-00000000779f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fb000-00000000779f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fc000-00000000779f9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 00000000779fe000-0000000077992fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 191c.2148: 0000000077a69000-00000000704f1fff 0x0001/0x0000 0x0000000 191c.2148: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 191c.2148: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 191c.2148: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 191c.2148: 000000007fff0000-ffffffffc051ffff 0x0001/0x0000 0x0000000 191c.2148: *000000013fac0000-000000013fabefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fac1000-000000013fa3cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb45000-000000013fb43fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb46000-000000013fb08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb83000-000000013fb78fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fb8d000-000000013fb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 191c.2148: 000000013fbc6000-fffff8037fbabfff 0x0001/0x0000 0x0000000 191c.2148: *000007feffbe0000-000007feffbdefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 191c.2148: 000007feffbe1000-000007fdff811fff 0x0001/0x0000 0x0000000 191c.2148: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 191c.2148: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000 191c.2148: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000 191c.2148: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000 191c.2148: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000 191c.2148: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 191c.2148: supR3HardNtChildPurify: Done after 1092 ms and 1 fixes (loop #1). 191c.2148: supR3HardNtEnableThreadCreation: 4fc.22ec: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 4fc.22ec: supR3HardenedVmProcessInit: uNtDllAddr=00000000778c0000 4fc.22ec: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS) 4fc.22ec: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1740800 allocation) 4fc.22ec: System32: \Device\HarddiskVolume2\Windows\System32 4fc.22ec: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 4fc.22ec: KnownDllPath: C:\WINDOWS\system32 4fc.22ec: supR3HardenedVmProcessInit: Opening vboxdrv stub... 4fc.22ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 4fc.22ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 4fc.22ec: Registered Dll notification callback with NTDLL. 4fc.22ec: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\WINDOWS\system32\kernel32.dll' [rcNt=0xc0150008] 4fc.22ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 4fc.22ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 4fc.22ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 4fc.22ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 4fc.22ec: supR3HardenedDllNotificationCallback: load 00000000777a0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0] 4fc.22ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 4fc.22ec: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x0006c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 4fc.22ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 4fc.22ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 4fc.22ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\WINDOWS\system32\kernel32.dll' 4fc.22ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778ec340 pvNtTerminateThread=00000000779117e0 191c.2148: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 60 ms. 4fc.22ec: \SystemRoot\System32\ntdll.dll: 4fc.22ec: CreationTime: 2013-11-03T11:01:59.244738900Z 4fc.22ec: LastWriteTime: 2013-11-03T11:01:59.245738400Z 4fc.22ec: ChangeTime: 2014-08-29T00:39:59.836030300Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x1a6dc0 4fc.22ec: NT Headers: 0xe0 4fc.22ec: Timestamp: 0x521eaf24 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x521eaf24 4fc.22ec: Image Version: 6.1 4fc.22ec: SizeOfImage: 0x1a9000 (1740800) 4fc.22ec: Resource Dir: 0x151000 LB 0x560d8 4fc.22ec: ProductName: Microsoft® Windows® Operating System 4fc.22ec: ProductVersion: 6.1.7601.18247 4fc.22ec: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 4fc.22ec: FileDescription: NT Layer DLL 4fc.22ec: \SystemRoot\System32\kernel32.dll: 4fc.22ec: CreationTime: 2014-07-10T06:14:03.134341500Z 4fc.22ec: LastWriteTime: 2014-07-10T06:14:03.136351000Z 4fc.22ec: ChangeTime: 2014-08-29T00:41:06.912595100Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x11c000 4fc.22ec: NT Headers: 0xe8 4fc.22ec: Timestamp: 0x5315a059 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x5315a059 4fc.22ec: Image Version: 6.1 4fc.22ec: SizeOfImage: 0x11f000 (1175552) 4fc.22ec: Resource Dir: 0x116000 LB 0x528 4fc.22ec: ProductName: Microsoft® Windows® Operating System 4fc.22ec: ProductVersion: 6.1.7601.18409 4fc.22ec: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 4fc.22ec: FileDescription: Windows NT BASE API Client DLL 4fc.22ec: \SystemRoot\System32\KernelBase.dll: 4fc.22ec: CreationTime: 2014-07-10T06:20:11.693506000Z 4fc.22ec: LastWriteTime: 2014-07-10T06:20:11.695512700Z 4fc.22ec: ChangeTime: 2014-08-29T00:41:06.928219900Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x67c00 4fc.22ec: NT Headers: 0xe8 4fc.22ec: Timestamp: 0x5315a05a 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x5315a05a 4fc.22ec: Image Version: 6.1 4fc.22ec: SizeOfImage: 0x6c000 (442368) 4fc.22ec: Resource Dir: 0x6a000 LB 0x530 4fc.22ec: ProductName: Microsoft® Windows® Operating System 4fc.22ec: ProductVersion: 6.1.7601.18409 4fc.22ec: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 4fc.22ec: FileDescription: Windows NT BASE API Client DLL 4fc.22ec: \SystemRoot\System32\apisetschema.dll: 4fc.22ec: CreationTime: 2013-10-15T05:09:13.656534900Z 4fc.22ec: LastWriteTime: 2013-10-15T05:09:13.657535900Z 4fc.22ec: ChangeTime: 2014-08-29T00:39:54.393257000Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x1a00 4fc.22ec: NT Headers: 0xc0 4fc.22ec: Timestamp: 0x51fb15ca 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x51fb15ca 4fc.22ec: Image Version: 6.1 4fc.22ec: SizeOfImage: 0x50000 (327680) 4fc.22ec: Resource Dir: 0x30000 LB 0x3f8 4fc.22ec: ProductName: Microsoft® Windows® Operating System 4fc.22ec: ProductVersion: 6.1.7601.18229 4fc.22ec: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 4fc.22ec: FileDescription: ApiSet Schema DLL 4fc.22ec: Found driver SymNetS (0x2) 4fc.22ec: Found driver SymDS (0x2) 4fc.22ec: Found driver SRTSPX (0x2) 4fc.22ec: Found driver SymEvent (0x2) 4fc.22ec: Found driver SymIRON (0x2) 4fc.22ec: supR3HardenedWinFindAdversaries: 0x2 4fc.22ec: \SystemRoot\System32\drivers\SysPlant.sys: 4fc.22ec: CreationTime: 2014-08-29T01:01:43.659507100Z 4fc.22ec: LastWriteTime: 2014-09-02T16:54:35.552810700Z 4fc.22ec: ChangeTime: 2014-09-02T16:54:35.552810700Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x25d18 4fc.22ec: NT Headers: 0xf8 4fc.22ec: Timestamp: 0x509521f1 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x509521f1 4fc.22ec: Image Version: 5.0 4fc.22ec: SizeOfImage: 0x2d000 (184320) 4fc.22ec: Resource Dir: 0x2b000 LB 0x498 4fc.22ec: ProductName: Symantec CMC Firewall 4fc.22ec: ProductVersion: 12.1.2015.2015 4fc.22ec: FileVersion: 12.1.2015.2015 4fc.22ec: FileDescription: Symantec CMC Firewall SysPlant 4fc.22ec: \SystemRoot\System32\sysfer.dll: 4fc.22ec: CreationTime: 2014-08-29T01:01:43.659507100Z 4fc.22ec: LastWriteTime: 2014-09-02T16:54:35.552810700Z 4fc.22ec: ChangeTime: 2014-09-02T16:54:35.552810700Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x6ffd0 4fc.22ec: NT Headers: 0xe8 4fc.22ec: Timestamp: 0x5095227d 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x5095227d 4fc.22ec: Image Version: 0.0 4fc.22ec: SizeOfImage: 0x87000 (552960) 4fc.22ec: Resource Dir: 0x85000 LB 0x630 4fc.22ec: ProductName: Symantec CMC Firewall 4fc.22ec: ProductVersion: 12.1.2015.2015 4fc.22ec: FileVersion: 12.1.2015.2015 4fc.22ec: FileDescription: Symantec CMC Firewall sysfer 4fc.22ec: \SystemRoot\System32\sysferThunk.dll: 4fc.22ec: CreationTime: 2014-08-29T01:01:43.659507100Z 4fc.22ec: LastWriteTime: 2014-09-02T16:54:35.552810700Z 4fc.22ec: ChangeTime: 2014-09-02T16:54:35.552810700Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x2dd0 4fc.22ec: NT Headers: 0xd0 4fc.22ec: Timestamp: 0x5095227e 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x5095227e 4fc.22ec: Image Version: 0.0 4fc.22ec: SizeOfImage: 0x8000 (32768) 4fc.22ec: Resource Dir: 0x6000 LB 0x648 4fc.22ec: ProductName: Symantec CMC Firewall 4fc.22ec: ProductVersion: 12.1.2015.2015 4fc.22ec: FileVersion: 12.1.2015.2015 4fc.22ec: FileDescription: Symantec CMC Firewall SysferThunk 4fc.22ec: \SystemRoot\System32\drivers\symevent64x86.sys: 4fc.22ec: CreationTime: 2014-08-29T01:01:56.670324100Z 4fc.22ec: LastWriteTime: 2014-09-02T16:54:02.671596400Z 4fc.22ec: ChangeTime: 2014-09-02T16:54:02.671596400Z 4fc.22ec: FileAttributes: 0x20 4fc.22ec: Size: 0x2b4a0 4fc.22ec: NT Headers: 0xe8 4fc.22ec: Timestamp: 0x50346f1e 4fc.22ec: Machine: 0x8664 - amd64 4fc.22ec: Timestamp: 0x50346f1e 4fc.22ec: Image Version: 6.0 4fc.22ec: SizeOfImage: 0x38000 (229376) 4fc.22ec: Resource Dir: 0x36000 LB 0x3c8 4fc.22ec: ProductName: SYMEVENT 4fc.22ec: ProductVersion: 12.9.3.1 4fc.22ec: FileVersion: 12.9.3.1 4fc.22ec: FileDescription: Symantec Event Library 4fc.22ec: Calling main() 4fc.22ec: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 4fc.22ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 4fc.22ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 4fc.22ec: SUPR3HardenedMain: Respawn #2 4fc.22ec: supR3HardNtEnableThreadCreation: 4fc.22ec: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) 4fc.22ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll 4fc.22ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 4fc.22ec: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 4fc.22ec: supR3HardenedDllNotificationCallback: load 000007fefd500000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 4fc.22ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 4fc.22ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd500000 'C:\WINDOWS\system32\apphelp.dll' 4fc.22ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778ec340 pvNtTerminateThread=00000000779117e0 4fc.22ec: supR3HardenedWinDoReSpawn(2): New child 1398.11c4 [kernel32]. 4fc.22ec: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 4fc.22ec: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000778c0000 uNtDllChildAddr=00000000778c0000 4fc.22ec: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000778ec340 4fc.22ec: supR3HardenedWinSetupChildInit: Start child. 4fc.22ec: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 4fc.22ec: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 52 sleeps 4fc.22ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4fc.22ec: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 4fc.22ec: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 4fc.22ec: *0000000000030000-fffffffffff33fff 0x0000/0x0004 0x0020000 4fc.22ec: 000000000012c000-0000000000128fff 0x0104/0x0004 0x0020000 4fc.22ec: 000000000012f000-000000000012dfff 0x0004/0x0004 0x0020000 4fc.22ec: *0000000000130000-0000000000127fff 0x0040/0x0040 0x0020000 !! 4fc.22ec: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000130000 (0000000000130000 LB 0x8000) 4fc.22ec: 0000000000138000-000000000012ffff 0x0001/0x0000 0x0000000 4fc.22ec: *0000000000140000-000000000013bfff 0x0002/0x0002 0x0040000 4fc.22ec: 0000000000144000-0000000000137fff 0x0001/0x0000 0x0000000 4fc.22ec: *0000000000150000-000000000014efff 0x0004/0x0004 0x0020000 4fc.22ec: 0000000000151000-ffffffff889e1fff 0x0001/0x0000 0x0000000 4fc.22ec: *00000000778c0000-00000000778befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000778c1000-00000000777befff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779c3000-0000000077993fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779f2000-00000000779e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fa000-00000000779f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fb000-00000000779f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fe000-0000000077992fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 0000000077a69000-00000000704f1fff 0x0001/0x0000 0x0000000 4fc.22ec: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 4fc.22ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 4fc.22ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 4fc.22ec: 000000007fff0000-ffffffffc051ffff 0x0001/0x0000 0x0000000 4fc.22ec: *000000013fac0000-000000013fabefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fac1000-000000013fa3cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb45000-000000013fb43fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb46000-000000013fb08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb83000-000000013fb81fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb84000-000000013fb82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb85000-000000013fb82fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb87000-000000013fb85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb88000-000000013fb86fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb89000-000000013fb84fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb8d000-000000013fb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fbc6000-fffff8037fbabfff 0x0001/0x0000 0x0000000 4fc.22ec: *000007feffbe0000-000007feffbdefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 4fc.22ec: 000007feffbe1000-000007fdff811fff 0x0001/0x0000 0x0000000 4fc.22ec: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 4fc.22ec: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000 4fc.22ec: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000 4fc.22ec: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000 4fc.22ec: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 4fc.22ec: apisetschema.dll: timestamp 0x51fb15ca (rc=VINF_SUCCESS) 4fc.22ec: VBoxHeadless.exe: timestamp 0x5439147b (rc=VINF_SUCCESS) 4fc.22ec: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 4fc.22ec: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 4fc.22ec: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 4fc.22ec: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0 4fc.22ec: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 50 sleeps 4fc.22ec: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4fc.22ec: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 4fc.22ec: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 4fc.22ec: *0000000000030000-fffffffffff33fff 0x0000/0x0004 0x0020000 4fc.22ec: 000000000012c000-0000000000128fff 0x0104/0x0004 0x0020000 4fc.22ec: 000000000012f000-000000000012dfff 0x0004/0x0004 0x0020000 4fc.22ec: 0000000000130000-000000000011ffff 0x0001/0x0000 0x0000000 4fc.22ec: *0000000000140000-000000000013bfff 0x0002/0x0002 0x0040000 4fc.22ec: 0000000000144000-0000000000137fff 0x0001/0x0000 0x0000000 4fc.22ec: *0000000000150000-000000000014efff 0x0004/0x0004 0x0020000 4fc.22ec: 0000000000151000-ffffffff889e1fff 0x0001/0x0000 0x0000000 4fc.22ec: *00000000778c0000-00000000778befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000778c1000-00000000777befff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779c3000-0000000077993fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779f2000-00000000779e9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fa000-00000000779f8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fb000-00000000779f9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fc000-00000000779f9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 00000000779fe000-0000000077992fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4fc.22ec: 0000000077a69000-00000000704f1fff 0x0001/0x0000 0x0000000 4fc.22ec: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 4fc.22ec: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 4fc.22ec: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 4fc.22ec: 000000007fff0000-ffffffffc051ffff 0x0001/0x0000 0x0000000 4fc.22ec: *000000013fac0000-000000013fabefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fac1000-000000013fa3cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb45000-000000013fb43fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb46000-000000013fb08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb83000-000000013fb78fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fb8d000-000000013fb53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4fc.22ec: 000000013fbc6000-fffff8037fbabfff 0x0001/0x0000 0x0000000 4fc.22ec: *000007feffbe0000-000007feffbdefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 4fc.22ec: 000007feffbe1000-000007fdff811fff 0x0001/0x0000 0x0000000 4fc.22ec: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 4fc.22ec: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000 4fc.22ec: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000 4fc.22ec: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000 4fc.22ec: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 4fc.22ec: supR3HardNtChildPurify: Done after 1080 ms and 1 fixes (loop #1). 4fc.22ec: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000) 4fc.22ec: supR3HardNtEnableThreadCreation: 1398.11c4: Log file opened: 4.3.18r96516 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db110 1398.11c4: supR3HardenedVmProcessInit: uNtDllAddr=00000000778c0000 1398.11c4: ntdll.dll: timestamp 0x521eaf24 (rc=VINF_SUCCESS) 1398.11c4: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation) 1398.11c4: System32: \Device\HarddiskVolume2\Windows\System32 1398.11c4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 1398.11c4: KnownDllPath: C:\WINDOWS\system32 1398.11c4: supR3HardenedVmProcessInit: Opening vboxdrv... 1398.11c4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1398.11c4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1398.11c4: Registered Dll notification callback with NTDLL. 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\WINDOWS\system32\kernel32.dll' [rcNt=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 00000000777a0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x0006c000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\WINDOWS\system32\kernel32.dll' 1398.11c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000778ec340 pvNtTerminateThread=00000000779117e0 4fc.22ec: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 70 ms. 1398.11c4: \SystemRoot\System32\ntdll.dll: 1398.11c4: CreationTime: 2013-11-03T11:01:59.244738900Z 1398.11c4: LastWriteTime: 2013-11-03T11:01:59.245738400Z 1398.11c4: ChangeTime: 2014-08-29T00:39:59.836030300Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x1a6dc0 1398.11c4: NT Headers: 0xe0 1398.11c4: Timestamp: 0x521eaf24 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x521eaf24 1398.11c4: Image Version: 6.1 1398.11c4: SizeOfImage: 0x1a9000 (1740800) 1398.11c4: Resource Dir: 0x151000 LB 0x560d8 1398.11c4: ProductName: Microsoft® Windows® Operating System 1398.11c4: ProductVersion: 6.1.7601.18247 1398.11c4: FileVersion: 6.1.7601.18247 (win7sp1_gdr.130828-1532) 1398.11c4: FileDescription: NT Layer DLL 1398.11c4: \SystemRoot\System32\kernel32.dll: 1398.11c4: CreationTime: 2014-07-10T06:14:03.134341500Z 1398.11c4: LastWriteTime: 2014-07-10T06:14:03.136351000Z 1398.11c4: ChangeTime: 2014-08-29T00:41:06.912595100Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x11c000 1398.11c4: NT Headers: 0xe8 1398.11c4: Timestamp: 0x5315a059 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x5315a059 1398.11c4: Image Version: 6.1 1398.11c4: SizeOfImage: 0x11f000 (1175552) 1398.11c4: Resource Dir: 0x116000 LB 0x528 1398.11c4: ProductName: Microsoft® Windows® Operating System 1398.11c4: ProductVersion: 6.1.7601.18409 1398.11c4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 1398.11c4: FileDescription: Windows NT BASE API Client DLL 1398.11c4: \SystemRoot\System32\KernelBase.dll: 1398.11c4: CreationTime: 2014-07-10T06:20:11.693506000Z 1398.11c4: LastWriteTime: 2014-07-10T06:20:11.695512700Z 1398.11c4: ChangeTime: 2014-08-29T00:41:06.928219900Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x67c00 1398.11c4: NT Headers: 0xe8 1398.11c4: Timestamp: 0x5315a05a 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x5315a05a 1398.11c4: Image Version: 6.1 1398.11c4: SizeOfImage: 0x6c000 (442368) 1398.11c4: Resource Dir: 0x6a000 LB 0x530 1398.11c4: ProductName: Microsoft® Windows® Operating System 1398.11c4: ProductVersion: 6.1.7601.18409 1398.11c4: FileVersion: 6.1.7601.18409 (win7sp1_gdr.140303-2144) 1398.11c4: FileDescription: Windows NT BASE API Client DLL 1398.11c4: \SystemRoot\System32\apisetschema.dll: 1398.11c4: CreationTime: 2013-10-15T05:09:13.656534900Z 1398.11c4: LastWriteTime: 2013-10-15T05:09:13.657535900Z 1398.11c4: ChangeTime: 2014-08-29T00:39:54.393257000Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x1a00 1398.11c4: NT Headers: 0xc0 1398.11c4: Timestamp: 0x51fb15ca 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x51fb15ca 1398.11c4: Image Version: 6.1 1398.11c4: SizeOfImage: 0x50000 (327680) 1398.11c4: Resource Dir: 0x30000 LB 0x3f8 1398.11c4: ProductName: Microsoft® Windows® Operating System 1398.11c4: ProductVersion: 6.1.7601.18229 1398.11c4: FileVersion: 6.1.7601.18229 (win7sp1_gdr.130801-1533) 1398.11c4: FileDescription: ApiSet Schema DLL 1398.11c4: Found driver SymNetS (0x2) 1398.11c4: Found driver SymDS (0x2) 1398.11c4: Found driver SRTSPX (0x2) 1398.11c4: Found driver SymEvent (0x2) 1398.11c4: Found driver SymIRON (0x2) 1398.11c4: supR3HardenedWinFindAdversaries: 0x2 1398.11c4: \SystemRoot\System32\drivers\SysPlant.sys: 1398.11c4: CreationTime: 2014-08-29T01:01:43.659507100Z 1398.11c4: LastWriteTime: 2014-09-02T16:54:35.552810700Z 1398.11c4: ChangeTime: 2014-09-02T16:54:35.552810700Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x25d18 1398.11c4: NT Headers: 0xf8 1398.11c4: Timestamp: 0x509521f1 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x509521f1 1398.11c4: Image Version: 5.0 1398.11c4: SizeOfImage: 0x2d000 (184320) 1398.11c4: Resource Dir: 0x2b000 LB 0x498 1398.11c4: ProductName: Symantec CMC Firewall 1398.11c4: ProductVersion: 12.1.2015.2015 1398.11c4: FileVersion: 12.1.2015.2015 1398.11c4: FileDescription: Symantec CMC Firewall SysPlant 1398.11c4: \SystemRoot\System32\sysfer.dll: 1398.11c4: CreationTime: 2014-08-29T01:01:43.659507100Z 1398.11c4: LastWriteTime: 2014-09-02T16:54:35.552810700Z 1398.11c4: ChangeTime: 2014-09-02T16:54:35.552810700Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x6ffd0 1398.11c4: NT Headers: 0xe8 1398.11c4: Timestamp: 0x5095227d 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x5095227d 1398.11c4: Image Version: 0.0 1398.11c4: SizeOfImage: 0x87000 (552960) 1398.11c4: Resource Dir: 0x85000 LB 0x630 1398.11c4: ProductName: Symantec CMC Firewall 1398.11c4: ProductVersion: 12.1.2015.2015 1398.11c4: FileVersion: 12.1.2015.2015 1398.11c4: FileDescription: Symantec CMC Firewall sysfer 1398.11c4: \SystemRoot\System32\sysferThunk.dll: 1398.11c4: CreationTime: 2014-08-29T01:01:43.659507100Z 1398.11c4: LastWriteTime: 2014-09-02T16:54:35.552810700Z 1398.11c4: ChangeTime: 2014-09-02T16:54:35.552810700Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x2dd0 1398.11c4: NT Headers: 0xd0 1398.11c4: Timestamp: 0x5095227e 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x5095227e 1398.11c4: Image Version: 0.0 1398.11c4: SizeOfImage: 0x8000 (32768) 1398.11c4: Resource Dir: 0x6000 LB 0x648 1398.11c4: ProductName: Symantec CMC Firewall 1398.11c4: ProductVersion: 12.1.2015.2015 1398.11c4: FileVersion: 12.1.2015.2015 1398.11c4: FileDescription: Symantec CMC Firewall SysferThunk 1398.11c4: \SystemRoot\System32\drivers\symevent64x86.sys: 1398.11c4: CreationTime: 2014-08-29T01:01:56.670324100Z 1398.11c4: LastWriteTime: 2014-09-02T16:54:02.671596400Z 1398.11c4: ChangeTime: 2014-09-02T16:54:02.671596400Z 1398.11c4: FileAttributes: 0x20 1398.11c4: Size: 0x2b4a0 1398.11c4: NT Headers: 0xe8 1398.11c4: Timestamp: 0x50346f1e 1398.11c4: Machine: 0x8664 - amd64 1398.11c4: Timestamp: 0x50346f1e 1398.11c4: Image Version: 6.0 1398.11c4: SizeOfImage: 0x38000 (229376) 1398.11c4: Resource Dir: 0x36000 LB 0x3c8 1398.11c4: ProductName: SYMEVENT 1398.11c4: ProductVersion: 12.9.3.1 1398.11c4: FileVersion: 12.9.3.1 1398.11c4: FileDescription: Symantec Event Library 1398.11c4: Calling main() 1398.11c4: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 1398.11c4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 1398.11c4: SUPR3HardenedMain: Final process, opening VBoxDrv... 1398.11c4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000) 1398.11c4: supR3HardNtEnableThreadCreation: 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000674900:C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef4a60000 LB 0x00004000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=0000000000674900:C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd910000 LB 0x0003a000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x0016c000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd700000 LB 0x0000f000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefedf0000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\WINDOWS\system32\Wintrust.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\WINDOWS\system32\CRYPTSP.dll' [rcNt=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefcfc0000 LB 0x00017000 C:\WINDOWS\system32\CRYPTSP.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\WINDOWS\system32\CRYPTSP.dll' 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefcbb0000 LB 0x00047000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbb0000 'C:\WINDOWS\system32\rsaenh.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\WINDOWS\system32\ADVAPI32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefde10000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feff8b0000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\WINDOWS\system32\ADVAPI32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\WINDOWS\system32\CRYPTBASE.dll' [rcNt=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x0000f000 C:\WINDOWS\system32\CRYPTBASE.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\WINDOWS\system32\CRYPTBASE.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'kernel32.dll' -> 'C:\WINDOWS\system32\kernel32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\WINDOWS\system32\kernel32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'WINTRUST.DLL' -> 'C:\WINDOWS\system32\WINTRUST.DLL' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINTRUST.DLL *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\WINDOWS\system32\WINTRUST.DLL' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\WINDOWS\system32\CRYPT32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'imagehlp.dll' -> 'C:\WINDOWS\system32\imagehlp.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imagehlp.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefef20000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef20000 'C:\WINDOWS\system32\imagehlp.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\WINDOWS\system32\CRYPTSP.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\WINDOWS\system32\CRYPTSP.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'USER32.dll' -> 'C:\WINDOWS\system32\USER32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 00000000776a0000 LB 0x000fa000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefdb90000 LB 0x00067000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefef40000 LB 0x0000e000 C:\WINDOWS\system32\LPK.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feff700000 LB 0x000c9000 C:\WINDOWS\system32\USP10.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'gdi32.dll' -> 'C:\WINDOWS\system32\gdi32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb90000 'C:\WINDOWS\system32\gdi32.dll' 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefdb60000 LB 0x0002e000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feff360000 LB 0x00109000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\WINDOWS\system32\IMM32.DLL' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000776a0000 'C:\WINDOWS\system32\USER32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'ncrypt.dll' -> 'C:\WINDOWS\system32\ncrypt.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ncrypt.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd070000 LB 0x0004d000 C:\WINDOWS\system32\ncrypt.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x00022000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd070000 'C:\WINDOWS\system32\ncrypt.dll' 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefcb10000 LB 0x0004c000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb10000 'C:\WINDOWS\system32\bcryptprimitives.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'bcrypt.dll' -> 'C:\WINDOWS\system32\bcrypt.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\WINDOWS\system32\bcrypt.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'USERENV.dll' -> 'C:\WINDOWS\system32\USERENV.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USERENV.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd730000 LB 0x0001e000 C:\WINDOWS\system32\USERENV.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x0000f000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd730000 'C:\WINDOWS\system32\USERENV.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'GPAPI.dll' -> 'C:\WINDOWS\system32\GPAPI.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\GPAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefc9b0000 LB 0x0001b000 C:\WINDOWS\system32\GPAPI.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9b0000 'C:\WINDOWS\system32\GPAPI.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'rpcrt4.dll' -> 'C:\WINDOWS\system32\rpcrt4.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefedf0000 'C:\WINDOWS\system32\rpcrt4.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-WIN-Service-Management-L2-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\WINDOWS\system32\cryptnet.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef2c00000 LB 0x00027000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feffb70000 LB 0x00052000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x1002 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'cryptnet.dll' -> 'C:\WINDOWS\system32\cryptnet.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2c00000 'C:\WINDOWS\system32\cryptnet.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'profapi.dll' -> 'C:\WINDOWS\system32\profapi.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\WINDOWS\system32\profapi.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'SHLWAPI.dll' -> 'C:\WINDOWS\system32\SHLWAPI.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefdd40000 LB 0x00071000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd40000 'C:\WINDOWS\system32\SHLWAPI.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=771D512B7B1C39F0393BD4EF9FC62F442783FB35 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-WIN-Service-Management-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\WINDOWS\system32\ADVAPI32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\WINDOWS\system32\ADVAPI32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll' 1398.11c4: g_pfnWinVerifyTrust=000007fefd911010 1398.11c4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' 1398.11c4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll' 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79EA9CBEF21789D2261F797DD2A1624A054306AB 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB2973337~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6FCA4D678614C8615E6E5C082BF3A4562FCF14EB 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2847311~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000170 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AEB59C2353484ADF282BEA358113ABD82C223B9 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2993651~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000016c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000168 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000124 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000010c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C0A1C638CE7C1160F49C473EC1420BD3AB693C4 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2882822~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000108 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03E871CFC4A3E7194619AFC99CEEA1EC75982D12 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2978668~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=57EB6F834C5A5D9585A660D91756134028A3B089 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5349346AE66DA4E3A7206628F484AC3B3AA43776 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB2871997~31bf3856ad364e35~amd64~~6.1.2.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=00000000007695b0:C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\WINDOWS\system32\crypt32.dll' 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xb092d1b715a2cb00 DC=com, DC=dreamworks, DC=win, CN=win-DREAMWORKS-CorpCA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x9259c8abe5ca713a L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 Policy Validation Authority, CN=http://www.valicert.com/, Email=info@valicert.com 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x8c7a0dad62269806 C=US, ST=California, L=Glendale, O=DreamWorks Animation, OU=Animation Technology, CN=www.dreamworksanimation.com, Email=wheel@dreamworksanimation.com 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0x69a1b6ba07a3c000 ST=California, L=Glendale, O=DreamWorks Animation SKG Inc., OU=Information Technology, CN=Information Security, Email=infosec@dreamworks.com 1398.11c4: supR3HardenedWinIsDesiredRootCA: Adding 0xb092d1b715a2cb00 DC=com, DC=dreamworks, DC=win, CN=win-DREAMWORKS-CorpCA 1398.11c4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=42 1398.11c4: SUPR3HardenedMain: Load Runtime... 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=00000000006eaff0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fedb050000 LB 0x0052f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000000005bd00000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 0000000057750000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefddc0000 LB 0x0004d000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feff8d0000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll *pfFlags=0x0 pwszSearchPath=0000000000675360:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\Dell\Dell Data Protection\Encryption\;C:\HashiCorp\Vagrant\bin;C:\HashiCorp\Packer\0.7.1;c:\Program Files (x86)\git\bin;c:\go\bin [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb050000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll *pfFlags=0x0 pwszSearchPath=000000000076fb50:C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd910000 'C:\WINDOWS\system32\Wintrust.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll *pfFlags=0x0 pwszSearchPath=000000000076fb50:C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\WINDOWS\system32\crypt32.dll' 1398.11c4: SUPR3HardenedMain: Load TrustedMain... 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll *pfFlags=0x0 pwszSearchPath=00000000006eaff0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef4a70000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxHeadless.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feff8e0000 LB 0x00203000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007feff7d0000 LB 0x000d7000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a70000 'C:\Program Files\Oracle\VirtualBox\VBoxHeadless.dll' 1398.11c4: SUPR3HardenedMain: Calling TrustedMain (000007fef4a7afe0)... 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'CRYPTBASE.dll' -> 'C:\WINDOWS\system32\CRYPTBASE.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll *pfFlags=0x0 pwszSearchPath=00000000006eaff0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\WINDOWS\system32\CRYPTBASE.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'CLBCatQ.DLL' -> 'C:\WINDOWS\system32\CLBCatQ.DLL' [rcNt=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CLBCatQ.DLL *pfFlags=0x0 pwszSearchPath=00000000006eaff0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefdac0000 LB 0x00099000 C:\WINDOWS\system32\CLBCatQ.DLL [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdac0000 'C:\WINDOWS\system32\CLBCatQ.DLL' 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll *pfFlags=0x0 pwszSearchPath=00000000007339f0:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fed9e70000 LB 0x004e7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed9e70000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\WINDOWS\system32\ADVAPI32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000006eb620:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\WINDOWS\system32\ADVAPI32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'CRYPTSP.dll' -> 'C:\WINDOWS\system32\CRYPTSP.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll *pfFlags=0x0 pwszSearchPath=00000000006eb3e0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\WINDOWS\system32\CRYPTSP.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'RpcRtRemote.dll' -> 'C:\WINDOWS\system32\RpcRtRemote.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\RpcRtRemote.dll *pfFlags=0x0 pwszSearchPath=00000000006eb3e0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd650000 LB 0x00014000 C:\WINDOWS\system32\RpcRtRemote.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\WINDOWS\system32\RpcRtRemote.dll' 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll *pfFlags=0x0 pwszSearchPath=00000000009d2f20:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\Windows\system32\oleaut32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'SXS.DLL' -> 'C:\WINDOWS\system32\SXS.DLL' [rcNt=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SXS.DLL *pfFlags=0x0 pwszSearchPath=00000000006eb860:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fefd5b0000 LB 0x00091000 C:\WINDOWS\system32\SXS.DLL [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5b0000 'C:\WINDOWS\system32\SXS.DLL' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'ADVAPI32.dll' -> 'C:\WINDOWS\system32\ADVAPI32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll *pfFlags=0x0 pwszSearchPath=00000000006eb860:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde10000 'C:\WINDOWS\system32\ADVAPI32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32' -> 'C:\WINDOWS\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=00000000006eb860:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\WINDOWS\system32\OLEAUT32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'ole32.dll' -> 'C:\WINDOWS\system32\ole32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll *pfFlags=0x0 pwszSearchPath=00000000006ebd70:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8e0000 'C:\WINDOWS\system32\ole32.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\WINDOWS\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=00000000006ebd70:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\WINDOWS\system32\OLEAUT32.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll *pfFlags=0x0 pwszSearchPath=00000000007589e0:C:\WINDOWS\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef9f90000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef9820000 LB 0x00086000 C:\WINDOWS\system32\wbemcomn.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f90000 'C:\WINDOWS\system32\wbem\wbemprox.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000644 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll *pfFlags=0x0 pwszSearchPath=00000000007596a0:C:\WINDOWS\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef1f20000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1f20000 'C:\WINDOWS\system32\wbem\wbemsvc.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000648 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000628 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' 1398.11c4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'. 1398.11c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'. 1398.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll)WinVerifyTrust 1398.11c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.11c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.11c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll *pfFlags=0x0 pwszSearchPath=00000000007589e0:C:\WINDOWS\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef2310000 LB 0x000e2000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll 1398.11c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 1398.11c4: supR3HardenedDllNotificationCallback: load 000007fef22e0000 LB 0x00027000 C:\WINDOWS\system32\NTDSAPI.dll [fFlags=0x0] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2310000 'C:\WINDOWS\system32\wbem\fastprox.dll' 1398.11c4: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\WINDOWS\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1398.11c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.11c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=00000000006eb980:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.11c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\WINDOWS\system32\OLEAUT32.dll' 1398.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'. 1398.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust 1398.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.1fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'... 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008] 1398.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'. 1398.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1398.1fb8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'. 1398.1fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust 1398.1fb8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.1fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.1fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1398.1fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.1fb8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.1fb8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.1fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL *pfFlags=0x0 pwszSearchPath=00000000006ebce0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.1fb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.1fb8: supR3HardenedDllNotificationCallback: load 000007fedabe0000 LB 0x00260000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0] 1398.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.1fb8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 1398.1fb8: supR3HardenedDllNotificationCallback: load 000000006bd70000 LB 0x00109000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0] 1398.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll 1398.1fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedabe0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL' 1398.23d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.23d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1398.23d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.23d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1398.23d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust 1398.23d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.23d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.23d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1398.23d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.23d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.23d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.23d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL *pfFlags=0x0 pwszSearchPath=00000000006ebc50:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.23d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 1398.23d8: supR3HardenedDllNotificationCallback: load 000007fef4a10000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0] 1398.23d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll 1398.23d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL' 1398.2198: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000734 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.2198: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.2198: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21 1398.2198: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' 1398.2198: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.2198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.2198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1398.2198: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'. 1398.2198: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll)WinVerifyTrust 1398.2198: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.2198: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.2198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.2198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.2198: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.2198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.2198: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.2198: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.2198: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.2198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=00000000009d2f20:C:\WINDOWS\system32;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.2198: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardenedDllNotificationCallback: load 000007fef9bd0000 LB 0x00056000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0] 1398.2198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\WINDOWS\system32\uxtheme.dll' 1398.2198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=00000000009d2f20:C:\WINDOWS\system32;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.2198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\WINDOWS\system32\uxtheme.dll' 1398.2198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=00000000009d3ad0:C:\WINDOWS\system32;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.2198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\WINDOWS\system32\uxtheme.dll' 1398.2198: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.2198: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll *pfFlags=0x0 pwszSearchPath=00000000009d3ad0:C:\WINDOWS\system32;C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.2198: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9bd0000 'C:\WINDOWS\system32\uxtheme.dll' 1398.21c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.21c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1398.21c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust 1398.21c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 1398.21c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.21c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.21c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.21c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.21c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.21c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.21c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.21c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 1398.21c8: supR3HardenedDllNotificationCallback: load 000007fef4a00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0] 1398.21c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll 1398.21c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL' 1398.2064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.2064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1398.2064: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.2064: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust 1398.2064: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 1398.2064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.2064: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.2064: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.2064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1398.2064: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1398.2064: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.2064: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.2064: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.2064: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.2064: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.2064: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 1398.2064: supR3HardenedDllNotificationCallback: load 000007fef49f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0] 1398.2064: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll 1398.2064: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef49f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL' 1398.1f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.1f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'. 1398.1f3c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.1f3c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust 1398.1f3c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 1398.1f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.1f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.1f3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.1f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1398.1f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1398.1f3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll 1398.1f3c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.1f3c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.1f3c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.1f3c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.1f3c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 1398.1f3c: supR3HardenedDllNotificationCallback: load 000007fef4950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0] 1398.1f3c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll 1398.1f3c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4950000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL' 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000840 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000084c pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume2\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000858 pwszName=\Device\HarddiskVolume2\Windows\System32\newdev.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F4B2CF91DA6B4233E3BF5D2EC9677240BFF983C 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\newdev.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\newdev.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\newdev.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000864 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000085c pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000083c pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fed7490000 LB 0x008bb000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fedecc0000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefef50000 LB 0x001d7000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefd950000 LB 0x00036000 C:\WINDOWS\system32\CFGMGR32.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefd750000 LB 0x0001a000 C:\WINDOWS\system32\DEVOBJ.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fee3a50000 LB 0x00051000 C:\WINDOWS\system32\newdev.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\newdev.dll 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll) 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefc9d0000 LB 0x00012000 C:\WINDOWS\system32\devrtl.DLL [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fef45a0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefc8e0000 LB 0x00027000 C:\WINDOWS\system32\IPHLPAPI.DLL [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefc8d0000 LB 0x0000b000 C:\WINDOWS\system32\WINNSI.DLL [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed7490000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000086c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll' 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed9e70000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL' 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef45a0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL' 1398.330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'. 1398.330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'. 1398.330: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'. 1398.330: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust 1398.330: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 1398.330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'... 1398.330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008] 1398.330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll 1398.330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'... 1398.330: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008] 1398.330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll 1398.330: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1398.330: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1398.330: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll 1398.330: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.330: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 1398.330: supR3HardenedDllNotificationCallback: load 000007fef4940000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0] 1398.330: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll 1398.330: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4940000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL' 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/Iphlpapi.dll *pfFlags=0x0 pwszSearchPath=0000000002acf2a0:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8e0000 'C:\WINDOWS\system32/Iphlpapi.dll' 1398.a20: supR3HardenedMonitor_LdrLoadDll: 'dhcpcsvc6.DLL' -> 'C:\WINDOWS\system32\dhcpcsvc6.DLL' [rcNt=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000954 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dhcpcsvc6.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf960:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fef4be0000 LB 0x00011000 C:\WINDOWS\system32\dhcpcsvc6.DLL [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4be0000 'C:\WINDOWS\system32\dhcpcsvc6.DLL' 1398.a20: supR3HardenedMonitor_LdrLoadDll: 'IPHLPAPI.DLL' -> 'C:\WINDOWS\system32\IPHLPAPI.DLL' [rcNt=0xc0150008] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IPHLPAPI.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf960:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8e0000 'C:\WINDOWS\system32\IPHLPAPI.DLL' 1398.a20: supR3HardenedMonitor_LdrLoadDll: 'dhcpcsvc.DLL' -> 'C:\WINDOWS\system32\dhcpcsvc.DLL' [rcNt=0xc0150008] 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000978 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dhcpcsvc.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf330:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fef4b70000 LB 0x00018000 C:\WINDOWS\system32\dhcpcsvc.DLL [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b70000 'C:\WINDOWS\system32\dhcpcsvc.DLL' 1398.a20: supR3HardenedMonitor_LdrLoadDll: 'IPHLPAPI.DLL' -> 'C:\WINDOWS\system32\IPHLPAPI.DLL' [rcNt=0xc0150008] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IPHLPAPI.DLL *pfFlags=0x0 pwszSearchPath=0000000002acf330:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8e0000 'C:\WINDOWS\system32\IPHLPAPI.DLL' 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/kernel32.dll *pfFlags=0x0 pwszSearchPath=0000000002acf330:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000777a0000 'C:\WINDOWS\system32/kernel32.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d4 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8E5754748E0E000AB425BF2AEB177780FB43945 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2888049~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll *pfFlags=0x0 pwszSearchPath=0000000002acf450:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefcef0000 LB 0x00055000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcef0000 'C:\WINDOWS\system32\mswsock.dll' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f8 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006b61f0 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL' 1398.a20: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900) 1398.a20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'. 1398.a20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL)WinVerifyTrust 1398.a20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 1398.a20: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 1398.a20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll 1398.a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wshtcpip.dll *pfFlags=0x0 pwszSearchPath=0000000002acf450:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.a20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL 1398.a20: supR3HardenedDllNotificationCallback: load 000007fefb800000 LB 0x00007000 C:\WINDOWS\System32\wshtcpip.dll [fFlags=0x0] 1398.a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL 1398.a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb800000 'C:\WINDOWS\System32\wshtcpip.dll' 1398.1fb8: supR3HardenedMonitor_LdrLoadDll: 'OLEAUT32.dll' -> 'C:\WINDOWS\system32\OLEAUT32.dll' [rcNt=0xc0150008] 1398.1fb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll 1398.1fb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll *pfFlags=0x0 pwszSearchPath=0000000002acf450:C:\Program Files\Oracle\VirtualBox;C:\WINDOWS\system32 [calling] 1398.1fb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff7d0000 'C:\WINDOWS\system32\OLEAUT32.dll' 1398.330: supR3HardenedDllNotificationCallback: Unload 000007fef4940000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0] 1398.1f3c: supR3HardenedDllNotificationCallback: Unload 000007fef4950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0] 1398.2064: supR3HardenedDllNotificationCallback: Unload 000007fef49f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0] 1398.21c8: supR3HardenedDllNotificationCallback: Unload 000007fef4a00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0] 1398.23d8: supR3HardenedDllNotificationCallback: Unload 000007fef4a10000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fefb800000 LB 0x00007000 C:\WINDOWS\System32\wshtcpip.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fed7490000 LB 0x008bb000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fef45a0000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fedecc0000 LB 0x0005f000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fee3a50000 LB 0x00051000 C:\WINDOWS\system32\newdev.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fefef50000 LB 0x001d7000 C:\WINDOWS\system32\SETUPAPI.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fefd750000 LB 0x0001a000 C:\WINDOWS\system32\DEVOBJ.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fefd950000 LB 0x00036000 C:\WINDOWS\system32\CFGMGR32.dll [flags=0x0] 1398.a20: supR3HardenedDllNotificationCallback: Unload 000007fefc9d0000 LB 0x00012000 C:\WINDOWS\system32\devrtl.DLL [flags=0x0] 1398.11c4: supR3HardenedDllNotificationCallback: Unload 000007fef2310000 LB 0x000e2000 C:\WINDOWS\system32\wbem\fastprox.dll [flags=0x0] 1398.11c4: supR3HardenedDllNotificationCallback: Unload 000007fef22e0000 LB 0x00027000 C:\WINDOWS\system32\NTDSAPI.dll [flags=0x0] 1398.11c4: supR3HardenedDllNotificationCallback: Unload 000007fef1f20000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [flags=0x0] 1398.11c4: supR3HardenedDllNotificationCallback: Unload 000007fef9f90000 LB 0x0000f000 C:\WINDOWS\system32\wbem\wbemprox.dll [flags=0x0] 1398.11c4: supR3HardenedDllNotificationCallback: Unload 000007fef9820000 LB 0x00086000 C:\WINDOWS\system32\wbemcomn.dll [flags=0x0] 1398.11c4: supR3HardenedDllNotificationCallback: Unload 000007fed9e70000 LB 0x004e7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0] 1398.11c4: Terminating the normal way: rcExit=0 4fc.22ec: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 145885 ms, the end); 191c.2148: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 147055 ms, the end);