Skip to content

Instantly share code, notes, and snippets.

@foxundermoon

foxundermoon/VBox.log

Created August 2, 2015 16:25
Show Gist options
  • Save foxundermoon/c9761a4252b9f7e77955 to your computer and use it in GitHub Desktop.
Save foxundermoon/c9761a4252b9f7e77955 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
VBox.log
VirtualBox VM 5.0.0 r101573 win.amd64 (Jul 9 2015 11:08:16) release log
00:00:04.186165 Log opened 2015-08-02T16:18:59.366501500Z
00:00:04.186166 Build Type: release
00:00:04.186170 OS Product: Unknown NT v10.0
00:00:04.186171 OS Release: 10.0.10240
00:00:04.186172 OS Service Pack:
00:00:04.235083 DMI Product Name: TA870+
00:00:04.246082 DMI Product Version:
00:00:04.246094 Host RAM: 10239MB total, 4539MB available
00:00:04.246096 Executable: C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
00:00:04.246097 Process ID: 46392
00:00:04.246098 Package type: WINDOWS_64BITS_GENERIC
00:00:04.253594 Installed Extension Packs:
00:00:04.253657 None installed!
00:00:04.260108 Console: Machine state changed to 'Starting'
00:00:04.264884 GUI: UIMediumEnumerator: Medium-enumeration finished!
00:00:04.388172 SUP: Loaded VMMR0.r0 (C:\Program Files\Oracle\VirtualBox\VMMR0.r0) at 0xfffff8019d3f0000 - ModuleInit at fffff8019d4114a0 and ModuleTerm at fffff8019d411790 using the native ring-0 loader
00:00:04.388224 SUP: VMMR0EntryEx located at fffff8019d412c90, VMMR0EntryFast at fffff8019d411be0 and VMMR0EntryInt at fffff8019d411bd0
00:00:04.388231 SUP: windbg> .reload /f C:\Program Files\Oracle\VirtualBox\VMMR0.r0=0xfffff8019d3f0000
00:00:04.398938 Guest OS type: 'MacOS_64'
00:00:04.403318 Installed Drivers:
00:00:04.411236 C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys (Version: 5.0.0.1573)
00:00:04.416431 C:\Windows\system32\DRIVERS\VBoxNetLwf.sys (Version: 5.0.0.1573)
00:00:04.420952 C:\Windows\system32\DRIVERS\VBoxUSBMon.sys (Version: 5.0.0.1573)
00:00:04.432794 C:\Windows\system32\DRIVERS\VBoxDrv.sys (Version: 5.0.0.1573)
00:00:04.439054 Using MWAIT extensions
00:00:04.439281 fHMForced=true - SMP
00:00:04.439289 fHMForced=true - 64-bit guest
00:00:04.490879 File system of 'D:\driver\virtualBox\osx_default_1438532316607_51095\Snapshots' (snapshots) is unknown
00:00:04.490897 File system of 'D:\driver\virtualBox\osx_default_1438532316607_51095\box-disk1.vmdk' is ntfs
00:00:05.375989 Shared clipboard service loaded
00:00:05.376002 Shared clipboard mode: Off
00:00:05.390843 Drag and drop service loaded
00:00:05.390863 Drag and drop mode: Off
00:00:05.462556 Guest Control service loaded
00:00:05.465163 ************************* CFGM dump *************************
00:00:05.465166 [/] (level 0)
00:00:05.465170 CSAMEnabled <integer> = 0x0000000000000001 (1)
00:00:05.465172 CpuExecutionCap <integer> = 0x0000000000000064 (100)
00:00:05.465174 EnablePAE <integer> = 0x0000000000000001 (1)
00:00:05.465175 HMEnabled <integer> = 0x0000000000000001 (1)
00:00:05.465177 MemBalloonSize <integer> = 0x0000000000000000 (0)
00:00:05.465178 Name <string> = "osx_default_1438532316607_51095" (cb=32)
00:00:05.465179 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:05.465181 PATMEnabled <integer> = 0x0000000000000001 (1)
00:00:05.465182 PageFusionAllowed <integer> = 0x0000000000000000 (0)
00:00:05.465183 RamHoleSize <integer> = 0x0000000024000000 (603 979 776, 576 MB)
00:00:05.465185 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:05.465187 RawR0Enabled <integer> = 0x0000000000000001 (1)
00:00:05.465188 RawR3Enabled <integer> = 0x0000000000000001 (1)
00:00:05.465189 TimerMillies <integer> = 0x000000000000000a (10)
00:00:05.465190 UUID <bytes> = "ca 6e e9 70 97 d5 52 47 83 b5 4d 83 ff 86 cf 89" (cb=16)
00:00:05.465194
00:00:05.465195 [/CPUM/] (level 1)
00:00:05.465196 MWaitExtensions <integer> = 0x0000000000000001 (1)
00:00:05.465198 MaxIntelFamilyModelStep <integer> = 0x0000000000061701 (399 105)
00:00:05.465199 PortableCpuIdLevel <integer> = 0x0000000000000000 (0)
00:00:05.465200
00:00:05.465201 [/CPUM/HostCPUID/] (level 2)
00:00:05.465202
00:00:05.465203 [/CPUM/HostCPUID/1/] (level 3)
00:00:05.465204 eax <integer> = 0x00000000000206a7 (132 775)
00:00:05.465206 ebx <integer> = 0x0000000002100800 (34 605 056)
00:00:05.465207 ecx <integer> = 0x000000001fbae3bf (532 341 695)
00:00:05.465208 edx <integer> = 0x00000000bfebfbff (3 219 913 727)
00:00:05.465209
00:00:05.465210 [/DBGF/] (level 1)
00:00:05.465211 Path <string> = "D:\driver\virtualBox\osx_default_1438532316607_51095/debug/;D:\driver\virtualBox\osx_default_1438532316607_51095/;C:\Users\fox/" (cb=128)
00:00:05.465213
00:00:05.465213 [/Devices/] (level 1)
00:00:05.465214
00:00:05.465215 [/Devices/8237A/] (level 2)
00:00:05.465216
00:00:05.465216 [/Devices/8237A/0/] (level 3)
00:00:05.465218 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465219
00:00:05.465219 [/Devices/GIMDev/] (level 2)
00:00:05.465220
00:00:05.465221 [/Devices/GIMDev/0/] (level 3)
00:00:05.465222 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465223
00:00:05.465223 [/Devices/VMMDev/] (level 2)
00:00:05.465225
00:00:05.465225 [/Devices/VMMDev/0/] (level 3)
00:00:05.465227 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465228 PCIDeviceNo <integer> = 0x0000000000000004 (4)
00:00:05.465229 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465230 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465231
00:00:05.465232 [/Devices/VMMDev/0/Config/] (level 4)
00:00:05.465233 GuestCoreDumpDir <string> = "D:\driver\virtualBox\osx_default_1438532316607_51095\Snapshots" (cb=63)
00:00:05.465235 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:05.465236
00:00:05.465237 [/Devices/VMMDev/0/LUN#0/] (level 4)
00:00:05.465238 Driver <string> = "HGCM" (cb=5)
00:00:05.465239
00:00:05.465240 [/Devices/VMMDev/0/LUN#0/Config/] (level 5)
00:00:05.465241 Object <integer> = 0x0000000004a0f290 (77 656 720)
00:00:05.465243
00:00:05.465243 [/Devices/VMMDev/0/LUN#999/] (level 4)
00:00:05.465245 Driver <string> = "MainStatus" (cb=11)
00:00:05.465246
00:00:05.465246 [/Devices/VMMDev/0/LUN#999/Config/] (level 5)
00:00:05.465248 First <integer> = 0x0000000000000000 (0)
00:00:05.465249 Last <integer> = 0x0000000000000000 (0)
00:00:05.465250 papLeds <integer> = 0x0000000003e4d830 (65 329 200)
00:00:05.465251
00:00:05.465252 [/Devices/acpi/] (level 2)
00:00:05.465253
00:00:05.465253 [/Devices/acpi/0/] (level 3)
00:00:05.465255 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465256 PCIDeviceNo <integer> = 0x0000000000000007 (7)
00:00:05.465257 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465258 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465259
00:00:05.465259 [/Devices/acpi/0/Config/] (level 4)
00:00:05.465262 CpuHotPlug <integer> = 0x0000000000000000 (0)
00:00:05.465263 FdcEnabled <integer> = 0x0000000000000000 (0)
00:00:05.465264 HostBusPciAddress <integer> = 0x00000000001e0000 (1 966 080)
00:00:05.465265 HpetEnabled <integer> = 0x0000000000000001 (1)
00:00:05.465266 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:05.465267 IocPciAddress <integer> = 0x00000000001f0000 (2 031 616)
00:00:05.465268 McfgBase <integer> = 0x00000000dc000000 (3 690 987 520)
00:00:05.465270 McfgLength <integer> = 0x0000000004000000 (67 108 864)
00:00:05.465271 NicPciAddress <integer> = 0x0000000000110000 (1 114 112)
00:00:05.465272 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:05.465274 RamHoleSize <integer> = 0x0000000024000000 (603 979 776, 576 MB)
00:00:05.465275 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:05.465277 Serial0IoPortBase <integer> = 0x0000000000000000 (0)
00:00:05.465278 Serial0Irq <integer> = 0x0000000000000000 (0)
00:00:05.465279 Serial1IoPortBase <integer> = 0x0000000000000000 (0)
00:00:05.465280 Serial1Irq <integer> = 0x0000000000000000 (0)
00:00:05.465281 ShowCpu <integer> = 0x0000000000000001 (1)
00:00:05.465282 ShowRtc <integer> = 0x0000000000000001 (1)
00:00:05.465283 SmcEnabled <integer> = 0x0000000000000001 (1)
00:00:05.465284
00:00:05.465284 [/Devices/acpi/0/LUN#0/] (level 4)
00:00:05.465286 Driver <string> = "ACPIHost" (cb=9)
00:00:05.465287
00:00:05.465287 [/Devices/acpi/0/LUN#0/Config/] (level 5)
00:00:05.465289
00:00:05.465289 [/Devices/acpi/0/LUN#1/] (level 4)
00:00:05.465291 Driver <string> = "ACPICpu" (cb=8)
00:00:05.465292
00:00:05.465292 [/Devices/acpi/0/LUN#1/Config/] (level 5)
00:00:05.465294
00:00:05.465294 [/Devices/acpi/0/LUN#2/] (level 4)
00:00:05.465296 Driver <string> = "ACPICpu" (cb=8)
00:00:05.465297
00:00:05.465297 [/Devices/acpi/0/LUN#2/Config/] (level 5)
00:00:05.465298
00:00:05.465299 [/Devices/acpi/0/LUN#3/] (level 4)
00:00:05.465300 Driver <string> = "ACPICpu" (cb=8)
00:00:05.465301
00:00:05.465302 [/Devices/acpi/0/LUN#3/Config/] (level 5)
00:00:05.465303
00:00:05.465304 [/Devices/ahci/] (level 2)
00:00:05.465305
00:00:05.465305 [/Devices/ahci/0/] (level 3)
00:00:05.465307 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465308 PCIDeviceNo <integer> = 0x000000000000001f (31)
00:00:05.465310 PCIFunctionNo <integer> = 0x0000000000000002 (2)
00:00:05.465310 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465311
00:00:05.465312 [/Devices/ahci/0/Config/] (level 4)
00:00:05.465313 Bootable <integer> = 0x0000000000000001 (1)
00:00:05.465314 PortCount <integer> = 0x0000000000000002 (2)
00:00:05.465315
00:00:05.465316 [/Devices/ahci/0/Config/Port0/] (level 5)
00:00:05.465317 NonRotationalMedium <integer> = 0x0000000000000000 (0)
00:00:05.465318
00:00:05.465319 [/Devices/ahci/0/Config/Port1/] (level 5)
00:00:05.465320 NonRotationalMedium <integer> = 0x0000000000000000 (0)
00:00:05.465321
00:00:05.465322 [/Devices/ahci/0/LUN#0/] (level 4)
00:00:05.465323 Driver <string> = "Block" (cb=6)
00:00:05.465324
00:00:05.465325 [/Devices/ahci/0/LUN#0/AttachedDriver/] (level 5)
00:00:05.465326 Driver <string> = "VD" (cb=3)
00:00:05.465340
00:00:05.465341 [/Devices/ahci/0/LUN#0/AttachedDriver/Config/] (level 6)
00:00:05.465343 BlockCache <integer> = 0x0000000000000001 (1)
00:00:05.465344 Format <string> = "VMDK" (cb=5)
00:00:05.465345 Path <string> = "D:\driver\virtualBox\osx_default_1438532316607_51095\box-disk1.vmdk" (cb=68)
00:00:05.465346 Type <string> = "HardDisk" (cb=9)
00:00:05.465347 UseNewIo <integer> = 0x0000000000000001 (1)
00:00:05.465348
00:00:05.465349 [/Devices/ahci/0/LUN#0/Config/] (level 5)
00:00:05.465350 Mountable <integer> = 0x0000000000000000 (0)
00:00:05.465351 Type <string> = "HardDisk" (cb=9)
00:00:05.465352
00:00:05.465353 [/Devices/ahci/0/LUN#1/] (level 4)
00:00:05.465354 Driver <string> = "Block" (cb=6)
00:00:05.465355
00:00:05.465356 [/Devices/ahci/0/LUN#1/Config/] (level 5)
00:00:05.465357 Mountable <integer> = 0x0000000000000001 (1)
00:00:05.465358 Type <string> = "DVD" (cb=4)
00:00:05.465359
00:00:05.465360 [/Devices/ahci/0/LUN#999/] (level 4)
00:00:05.465361 Driver <string> = "MainStatus" (cb=11)
00:00:05.465362
00:00:05.465363 [/Devices/ahci/0/LUN#999/Config/] (level 5)
00:00:05.465365 DeviceInstance <string> = "ahci/0" (cb=7)
00:00:05.465366 First <integer> = 0x0000000000000000 (0)
00:00:05.465367 Last <integer> = 0x0000000000000001 (1)
00:00:05.465368 pConsole <integer> = 0x0000000003e4d1b0 (65 327 536)
00:00:05.465370 papLeds <integer> = 0x0000000003e4d520 (65 328 416)
00:00:05.465371 pmapMediumAttachments <integer> = 0x0000000003e4d850 (65 329 232)
00:00:05.465372
00:00:05.465373 [/Devices/apic/] (level 2)
00:00:05.465374
00:00:05.465375 [/Devices/apic/0/] (level 3)
00:00:05.465376 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465377
00:00:05.465377 [/Devices/apic/0/Config/] (level 4)
00:00:05.465379 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:05.465380 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:05.465381
00:00:05.465381 [/Devices/e1000/] (level 2)
00:00:05.465383
00:00:05.465383 [/Devices/e1000/0/] (level 3)
00:00:05.465384 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465385 PCIDeviceNo <integer> = 0x0000000000000011 (17)
00:00:05.465386 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465387 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465388
00:00:05.465389 [/Devices/e1000/0/Config/] (level 4)
00:00:05.465390 AdapterType <integer> = 0x0000000000000002 (2)
00:00:05.465391 CableConnected <integer> = 0x0000000000000001 (1)
00:00:05.465392 LineSpeed <integer> = 0x0000000000000000 (0)
00:00:05.465393 MAC <bytes> = "08 00 27 9b c9 65" (cb=6)
00:00:05.465395
00:00:05.465396 [/Devices/e1000/0/LUN#0/] (level 4)
00:00:05.465397 Driver <string> = "NAT" (cb=4)
00:00:05.465398
00:00:05.465399 [/Devices/e1000/0/LUN#0/Config/] (level 5)
00:00:05.465401 AliasMode <integer> = 0x0000000000000000 (0)
00:00:05.465402 BootFile <string> = "osx_default_1438532316607_51095.pxe" (cb=36)
00:00:05.465403 DNSProxy <integer> = 0x0000000000000001 (1)
00:00:05.465404 Network <string> = "10.0.2.0/24" (cb=12)
00:00:05.465405 PassDomain <integer> = 0x0000000000000001 (1)
00:00:05.465406 TFTPPrefix <string> = "C:\Users\fox/.VirtualBox\TFTP" (cb=30)
00:00:05.465407 UseHostResolver <integer> = 0x0000000000000000 (0)
00:00:05.465408
00:00:05.465409 [/Devices/e1000/0/LUN#0/Config/ssh/] (level 6)
00:00:05.465411 BindIP <string> = "127.0.0.1" (cb=10)
00:00:05.465412 GuestPort <integer> = 0x0000000000000016 (22)
00:00:05.465413 HostPort <integer> = 0x00000000000008ae (2 222)
00:00:05.465414 Protocol <string> = "TCP" (cb=4)
00:00:05.465415
00:00:05.465415 [/Devices/e1000/0/LUN#999/] (level 4)
00:00:05.465417 Driver <string> = "MainStatus" (cb=11)
00:00:05.465418
00:00:05.465418 [/Devices/e1000/0/LUN#999/Config/] (level 5)
00:00:05.465420 First <integer> = 0x0000000000000000 (0)
00:00:05.465421 Last <integer> = 0x0000000000000000 (0)
00:00:05.465422 papLeds <integer> = 0x0000000003e4d710 (65 328 912)
00:00:05.465423
00:00:05.465424 [/Devices/e1000/1/] (level 3)
00:00:05.465425 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465426 PCIDeviceNo <integer> = 0x0000000000000008 (8)
00:00:05.465427 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465428 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465429
00:00:05.465429 [/Devices/e1000/1/Config/] (level 4)
00:00:05.465431 AdapterType <integer> = 0x0000000000000002 (2)
00:00:05.465432 CableConnected <integer> = 0x0000000000000001 (1)
00:00:05.465433 LineSpeed <integer> = 0x0000000000000000 (0)
00:00:05.465434 MAC <bytes> = "08 00 27 79 95 e8" (cb=6)
00:00:05.465436
00:00:05.465436 [/Devices/e1000/1/LUN#0/] (level 4)
00:00:05.465438 Driver <string> = "IntNet" (cb=7)
00:00:05.465439
00:00:05.465439 [/Devices/e1000/1/LUN#0/Config/] (level 5)
00:00:05.465441 IfPolicyPromisc <string> = "deny" (cb=5)
00:00:05.465442 IgnoreConnectFailure <integer> = 0x0000000000000000 (0)
00:00:05.465443 Network <string> = "HostInterfaceNetworking-Realtek PCIe GBE Family Controller" (cb=59)
00:00:05.465444 Trunk <string> = "\DEVICE\{C256ECC9-6C48-400F-9EC2-E932652B3C05}" (cb=47)
00:00:05.465446 TrunkType <integer> = 0x0000000000000003 (3)
00:00:05.465447
00:00:05.465447 [/Devices/e1000/1/LUN#999/] (level 4)
00:00:05.465449 Driver <string> = "MainStatus" (cb=11)
00:00:05.465449
00:00:05.465450 [/Devices/e1000/1/LUN#999/Config/] (level 5)
00:00:05.465452 First <integer> = 0x0000000000000000 (0)
00:00:05.465453 Last <integer> = 0x0000000000000000 (0)
00:00:05.465454 papLeds <integer> = 0x0000000003e4d718 (65 328 920)
00:00:05.465455
00:00:05.465455 [/Devices/efi/] (level 2)
00:00:05.465456
00:00:05.465457 [/Devices/efi/0/] (level 3)
00:00:05.465458 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465459
00:00:05.465460 [/Devices/efi/0/Config/] (level 4)
00:00:05.465462 64BitEntry <integer> = 0x0000000000000001 (1)
00:00:05.465463 BootArgs <string> = "" (cb=1)
00:00:05.465464 DeviceProps <string> = "" (cb=1)
00:00:05.465465 DmiExposeMemoryTable <integer> = 0x0000000000000001 (1)
00:00:05.465466 DmiUseHostInfo <integer> = 0x0000000000000001 (1)
00:00:05.465467 EfiRom <string> = "C:\Program Files\Oracle\VirtualBox\VBoxEFI64.fd" (cb=48)
00:00:05.465469 GopMode <integer> = 0x00000000ffffffff (4 294 967 295)
00:00:05.465470 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:05.465471 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:05.465473 RamHoleSize <integer> = 0x0000000024000000 (603 979 776, 576 MB)
00:00:05.465474 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:05.465476 UUID <bytes> = "ca 6e e9 70 97 d5 52 47 83 b5 4d 83 ff 86 cf 89" (cb=16)
00:00:05.465479 UgaHorizontalResolution <integer> = 0x0000000000000000 (0)
00:00:05.465480 UgaVerticalResolution <integer> = 0x0000000000000000 (0)
00:00:05.465481
00:00:05.465482 [/Devices/efi/0/LUN#0/] (level 4)
00:00:05.465483 Driver <string> = "NvramStorage" (cb=13)
00:00:05.465484
00:00:05.465485 [/Devices/efi/0/LUN#0/Config/] (level 5)
00:00:05.465486 Object <integer> = 0x0000000003e41390 (65 278 864)
00:00:05.465487
00:00:05.465488 [/Devices/hpet/] (level 2)
00:00:05.465489
00:00:05.465490 [/Devices/hpet/0/] (level 3)
00:00:05.465491 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465492
00:00:05.465492 [/Devices/hpet/0/Config/] (level 4)
00:00:05.465494 ICH9 <integer> = 0x0000000000000001 (1)
00:00:05.465495
00:00:05.465495 [/Devices/i8254/] (level 2)
00:00:05.465496
00:00:05.465497 [/Devices/i8254/0/] (level 3)
00:00:05.465498
00:00:05.465499 [/Devices/i8254/0/Config/] (level 4)
00:00:05.465500
00:00:05.465500 [/Devices/i8259/] (level 2)
00:00:05.465502
00:00:05.465502 [/Devices/i8259/0/] (level 3)
00:00:05.465504 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465504
00:00:05.465505 [/Devices/i8259/0/Config/] (level 4)
00:00:05.465506
00:00:05.465507 [/Devices/ich9pci/] (level 2)
00:00:05.465508
00:00:05.465508 [/Devices/ich9pci/0/] (level 3)
00:00:05.465509 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465510
00:00:05.465511 [/Devices/ich9pci/0/Config/] (level 4)
00:00:05.465512 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:05.465513 McfgBase <integer> = 0x00000000dc000000 (3 690 987 520)
00:00:05.465515 McfgLength <integer> = 0x0000000004000000 (67 108 864)
00:00:05.465516
00:00:05.465516 [/Devices/ich9pcibridge/] (level 2)
00:00:05.465518
00:00:05.465518 [/Devices/ich9pcibridge/0/] (level 3)
00:00:05.465520 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465521 PCIDeviceNo <integer> = 0x0000000000000018 (24)
00:00:05.465522 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465523 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465524
00:00:05.465524 [/Devices/ich9pcibridge/1/] (level 3)
00:00:05.465526 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465527 PCIDeviceNo <integer> = 0x0000000000000019 (25)
00:00:05.465528 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465529 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465530
00:00:05.465530 [/Devices/ioapic/] (level 2)
00:00:05.465532
00:00:05.465532 [/Devices/ioapic/0/] (level 3)
00:00:05.465533 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465690
00:00:05.465690 [/Devices/ioapic/0/Config/] (level 4)
00:00:05.465692 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:05.465693
00:00:05.465694 [/Devices/lpc/] (level 2)
00:00:05.465695
00:00:05.465695 [/Devices/lpc/0/] (level 3)
00:00:05.465697 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465698 PCIDeviceNo <integer> = 0x000000000000001f (31)
00:00:05.465699 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465700 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465701
00:00:05.465702 [/Devices/mc146818/] (level 2)
00:00:05.465703
00:00:05.465703 [/Devices/mc146818/0/] (level 3)
00:00:05.465705
00:00:05.465705 [/Devices/mc146818/0/Config/] (level 4)
00:00:05.465707 UseUTC <integer> = 0x0000000000000001 (1)
00:00:05.465708
00:00:05.465708 [/Devices/parallel/] (level 2)
00:00:05.465709
00:00:05.465710 [/Devices/pcarch/] (level 2)
00:00:05.465711
00:00:05.465712 [/Devices/pcarch/0/] (level 3)
00:00:05.465713 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465714
00:00:05.465715 [/Devices/pcarch/0/Config/] (level 4)
00:00:05.465716
00:00:05.465716 [/Devices/pckbd/] (level 2)
00:00:05.465718
00:00:05.465718 [/Devices/pckbd/0/] (level 3)
00:00:05.465719 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465720
00:00:05.465721 [/Devices/pckbd/0/Config/] (level 4)
00:00:05.465722
00:00:05.465723 [/Devices/pckbd/0/LUN#0/] (level 4)
00:00:05.465724 Driver <string> = "KeyboardQueue" (cb=14)
00:00:05.465725
00:00:05.465726 [/Devices/pckbd/0/LUN#0/AttachedDriver/] (level 5)
00:00:05.465727 Driver <string> = "MainKeyboard" (cb=13)
00:00:05.465728
00:00:05.465729 [/Devices/pckbd/0/LUN#0/AttachedDriver/Config/] (level 6)
00:00:05.465731 Object <integer> = 0x0000000003d69510 (64 394 512)
00:00:05.465732
00:00:05.465732 [/Devices/pckbd/0/LUN#0/Config/] (level 5)
00:00:05.465734 QueueSize <integer> = 0x0000000000000040 (64)
00:00:05.465735
00:00:05.465736 [/Devices/pckbd/0/LUN#1/] (level 4)
00:00:05.465737 Driver <string> = "MouseQueue" (cb=11)
00:00:05.465738
00:00:05.465738 [/Devices/pckbd/0/LUN#1/AttachedDriver/] (level 5)
00:00:05.465740 Driver <string> = "MainMouse" (cb=10)
00:00:05.465741
00:00:05.465742 [/Devices/pckbd/0/LUN#1/AttachedDriver/Config/] (level 6)
00:00:05.465743 Object <integer> = 0x0000000003e43eb0 (65 289 904)
00:00:05.465745
00:00:05.465745 [/Devices/pckbd/0/LUN#1/Config/] (level 5)
00:00:05.465747 QueueSize <integer> = 0x0000000000000080 (128)
00:00:05.465748
00:00:05.465748 [/Devices/pcnet/] (level 2)
00:00:05.465749
00:00:05.465750 [/Devices/serial/] (level 2)
00:00:05.465751
00:00:05.465751 [/Devices/smc/] (level 2)
00:00:05.465753
00:00:05.465753 [/Devices/smc/0/] (level 3)
00:00:05.465754 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465755
00:00:05.465756 [/Devices/smc/0/Config/] (level 4)
00:00:05.465757 DeviceKey <string> = "" (cb=1)
00:00:05.465758 GetKeyFromRealSMC <integer> = 0x0000000000000000 (0)
00:00:05.465759
00:00:05.465760 [/Devices/usb-ohci/] (level 2)
00:00:05.465761
00:00:05.465761 [/Devices/usb-ohci/0/] (level 3)
00:00:05.465763 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465764 PCIDeviceNo <integer> = 0x000000000000001f (31)
00:00:05.465765 PCIFunctionNo <integer> = 0x0000000000000004 (4)
00:00:05.465766 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465767
00:00:05.465767 [/Devices/usb-ohci/0/Config/] (level 4)
00:00:05.465769
00:00:05.465769 [/Devices/usb-ohci/0/LUN#0/] (level 4)
00:00:05.465771 Driver <string> = "VUSBRootHub" (cb=12)
00:00:05.465772
00:00:05.465772 [/Devices/usb-ohci/0/LUN#0/Config/] (level 5)
00:00:05.465774
00:00:05.465774 [/Devices/usb-ohci/0/LUN#999/] (level 4)
00:00:05.465776 Driver <string> = "MainStatus" (cb=11)
00:00:05.465777
00:00:05.465777 [/Devices/usb-ohci/0/LUN#999/Config/] (level 5)
00:00:05.465779 First <integer> = 0x0000000000000000 (0)
00:00:05.465780 Last <integer> = 0x0000000000000000 (0)
00:00:05.465781 papLeds <integer> = 0x0000000003e4d838 (65 329 208)
00:00:05.465782
00:00:05.465783 [/Devices/vga/] (level 2)
00:00:05.465784
00:00:05.465784 [/Devices/vga/0/] (level 3)
00:00:05.465785 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:05.465786 PCIDeviceNo <integer> = 0x0000000000000002 (2)
00:00:05.465787 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:05.465788 Trusted <integer> = 0x0000000000000001 (1)
00:00:05.465789
00:00:05.465790 [/Devices/vga/0/Config/] (level 4)
00:00:05.465792 CustomVideoModes <integer> = 0x0000000000000000 (0)
00:00:05.465793 FadeIn <integer> = 0x0000000000000001 (1)
00:00:05.465794 FadeOut <integer> = 0x0000000000000001 (1)
00:00:05.465795 HeightReduction <integer> = 0x0000000000000000 (0)
00:00:05.465796 LogoFile <string> = "" (cb=1)
00:00:05.465797 LogoTime <integer> = 0x0000000000000000 (0)
00:00:05.465798 MonitorCount <integer> = 0x0000000000000001 (1)
00:00:05.465799 ShowBootMenu <integer> = 0x0000000000000002 (2)
00:00:05.465800 VRamSize <integer> = 0x0000000008000000 (134 217 728, 128 MB)
00:00:05.465802
00:00:05.465802 [/Devices/vga/0/LUN#0/] (level 4)
00:00:05.465804 Driver <string> = "MainDisplay" (cb=12)
00:00:05.465805
00:00:05.465805 [/Devices/vga/0/LUN#0/Config/] (level 5)
00:00:05.465807 Object <integer> = 0x0000000003e54fe0 (65 359 840)
00:00:05.465808
00:00:05.465808 [/Devices/vga/0/LUN#999/] (level 4)
00:00:05.465810 Driver <string> = "MainStatus" (cb=11)
00:00:05.465811
00:00:05.465811 [/Devices/vga/0/LUN#999/Config/] (level 5)
00:00:05.465813 First <integer> = 0x0000000000000000 (0)
00:00:05.465814 Last <integer> = 0x0000000000000000 (0)
00:00:05.465815 papLeds <integer> = 0x0000000003e4d848 (65 329 224)
00:00:05.465816
00:00:05.465816 [/Devices/virtio-net/] (level 2)
00:00:05.465818
00:00:05.465818 [/EM/] (level 1)
00:00:05.465819 TripleFaultReset <integer> = 0x0000000000000000 (0)
00:00:05.465820
00:00:05.465821 [/GIM/] (level 1)
00:00:05.465822 Provider <string> = "Minimal" (cb=8)
00:00:05.465823
00:00:05.465823 [/HM/] (level 1)
00:00:05.465825 64bitEnabled <integer> = 0x0000000000000001 (1)
00:00:05.465826 EnableLargePages <integer> = 0x0000000000000001 (1)
00:00:05.465827 EnableNestedPaging <integer> = 0x0000000000000001 (1)
00:00:05.465828 EnableUX <integer> = 0x0000000000000001 (1)
00:00:05.465829 EnableVPID <integer> = 0x0000000000000001 (1)
00:00:05.465830 Exclusive <integer> = 0x0000000000000000 (0)
00:00:05.465831 HMForced <integer> = 0x0000000000000001 (1)
00:00:05.465832
00:00:05.465833 [/MM/] (level 1)
00:00:05.465834 CanUseLargerHeap <integer> = 0x0000000000000001 (1)
00:00:05.465835
00:00:05.465835 [/PDM/] (level 1)
00:00:05.465836
00:00:05.465836 [/PDM/AsyncCompletion/] (level 2)
00:00:05.465838
00:00:05.465838 [/PDM/AsyncCompletion/File/] (level 3)
00:00:05.465839
00:00:05.465840 [/PDM/AsyncCompletion/File/BwGroups/] (level 4)
00:00:05.465841
00:00:05.465842 [/PDM/BlkCache/] (level 2)
00:00:05.465843 CacheSize <integer> = 0x0000000000500000 (5 242 880, 5 MB)
00:00:05.465844
00:00:05.465845 [/PDM/Devices/] (level 2)
00:00:05.465846
00:00:05.465846 [/PDM/Drivers/] (level 2)
00:00:05.465848
00:00:05.465848 [/PDM/Drivers/VBoxC/] (level 3)
00:00:05.465849 Path <string> = "VBoxC" (cb=6)
00:00:05.465850
00:00:05.465851 [/PDM/NetworkShaper/] (level 2)
00:00:05.465852
00:00:05.465852 [/PDM/NetworkShaper/BwGroups/] (level 3)
00:00:05.465854
00:00:05.465854 [/TM/] (level 1)
00:00:05.465855 UTCOffset <integer> = 0x0000000000000000 (0)
00:00:05.465856
00:00:05.465856 [/USB/] (level 1)
00:00:05.465857
00:00:05.465858 [/USB/HidKeyboard/] (level 2)
00:00:05.465859
00:00:05.465859 [/USB/HidKeyboard/0/] (level 3)
00:00:05.465861
00:00:05.465861 [/USB/HidKeyboard/0/Config/] (level 4)
00:00:05.465862
00:00:05.465863 [/USB/HidKeyboard/0/LUN#0/] (level 4)
00:00:05.465864 Driver <string> = "KeyboardQueue" (cb=14)
00:00:05.465865
00:00:05.465866 [/USB/HidKeyboard/0/LUN#0/AttachedDriver/] (level 5)
00:00:05.465867 Driver <string> = "MainKeyboard" (cb=13)
00:00:05.465868
00:00:05.465869 [/USB/HidKeyboard/0/LUN#0/AttachedDriver/Config/] (level 6)
00:00:05.465871 Object <integer> = 0x0000000003d69510 (64 394 512)
00:00:05.465872
00:00:05.465872 [/USB/HidKeyboard/0/LUN#0/Config/] (level 5)
00:00:05.465874 QueueSize <integer> = 0x0000000000000040 (64)
00:00:05.465875
00:00:05.465876 [/USB/HidMouse/] (level 2)
00:00:05.465877
00:00:05.465877 [/USB/HidMouse/0/] (level 3)
00:00:05.465878
00:00:05.465879 [/USB/HidMouse/0/Config/] (level 4)
00:00:05.465880 Mode <string> = "absolute" (cb=9)
00:00:05.465881
00:00:05.465882 [/USB/HidMouse/0/LUN#0/] (level 4)
00:00:05.465883 Driver <string> = "MouseQueue" (cb=11)
00:00:05.465884
00:00:05.465884 [/USB/HidMouse/0/LUN#0/AttachedDriver/] (level 5)
00:00:05.465886 Driver <string> = "MainMouse" (cb=10)
00:00:05.465887
00:00:05.465887 [/USB/HidMouse/0/LUN#0/AttachedDriver/Config/] (level 6)
00:00:05.465889 Object <integer> = 0x0000000003e43eb0 (65 289 904)
00:00:05.465890
00:00:05.465891 [/USB/HidMouse/0/LUN#0/Config/] (level 5)
00:00:05.465892 QueueSize <integer> = 0x0000000000000080 (128)
00:00:05.465893
00:00:05.465894 [/USB/USBProxy/] (level 2)
00:00:05.465895
00:00:05.465895 [/USB/USBProxy/GlobalConfig/] (level 3)
00:00:05.465897
00:00:05.465897 ********************* End of CFGM dump **********************
00:00:05.465971 VM: fHMEnabled=true (configured) fRecompileUser=false fRecompileSupervisor=false
00:00:05.465974 VM: fRawRing1Enabled=false CSAM=true PATM=true
00:00:05.466371 HM: HMR3Init: AMD-V w/ nested paging
00:00:05.466521 MM: cbHyperHeap=0x240000 (2359296)
00:00:05.468044 CPUM: fXStateHostMask=0x0; initial: 0x0; host XCR0=0x0
00:00:05.473059 Warning: /CPUM/MWaitExtensions is deprecated, use /CPUM/IsaExts/MWaitExtensions instead.
00:00:05.473641 CPUM: Matched host CPU AMD 0x10/0x5/0x3 AMD_K10 with CPU DB entry 'AMD Phenom II X6 1100T' (AMD 0x10/0xa/0x0 AMD_K10)
00:00:05.475524 AssertLogRel F:\tinderbox\win-rel\src\VBox\VMM\VMMR3\CPUMR3CpuId.cpp(1682) int __cdecl cpumR3CpuIdExplodeFeatures(const struct CPUMCPUIDLEAF *,unsigned int,struct CPUMFEATURES *): <NULL>
00:00:05.475532 Expected leaf eax=0xd/ecx=0 with the XSAVE/XRSTOR feature!
00:00:05.475598 CPUM: MSR fudge: 0x00000017 IA32_PLATFORM_ID
00:00:05.475606 CPUM: MSR fudge: 0x000001a0 IA32_MISC_ENABLE
00:00:05.475683 CPUM: SetGuestCpuIdFeature: Enabled PAE
00:00:05.477539 PGM: HCPhysInterPD=00000000c74a3000 HCPhysInterPaePDPT=00000000c74a0000 HCPhysInterPaePML4=00000000c749e000
00:00:05.477574 PGM: apInterPTs={00000000c74a2000,00000000c74a1000} apInterPaePTs={0000000233941000,00000001259c2000} apInterPaePDs={0000000293afb000,00000000accc4000,000000015f555000,000000021e1d6000} pInterPaePDPT64=00000000c749f000
00:00:05.477583 PGM: Host paging mode: AMD64+PGE+NX
00:00:05.477651 PGM: PGMPool: cMaxPages=1072 (u64MaxPages=1058)
00:00:05.477657 PGM: pgmR3PoolInit: cMaxPages=0x430 cMaxUsers=0x860 cMaxPhysExts=0x860 fCacheEnable=true
00:00:05.521050 TM: GIP - u32Mode=3 (Invariant) u32UpdateHz=93 u32UpdateIntervalNS=10741500 enmUseTscDelta=3 (Roughly Zero) fGetGipCpu=0x3 cCpus=4
00:00:05.521079 TM: GIP - u64CpuHz=3 000 135 195 (0xb2d26e1b) SUPGetCpuHzFromGip => 3 000 135 195
00:00:05.521086 TM: GIP - CPU: iCpuSet=0x0 idCpu=0x0 idApic=0x0 iGipCpu=0x0 i64TSCDelta=0 enmState=3 u64CpuHz=3000135195(*) cErrors=0
00:00:05.521092 TM: GIP - CPU: iCpuSet=0x1 idCpu=0x1 idApic=0x1 iGipCpu=0x2 i64TSCDelta=0 enmState=3 u64CpuHz=3000133681(*) cErrors=0
00:00:05.521097 TM: GIP - CPU: iCpuSet=0x2 idCpu=0x2 idApic=0x2 iGipCpu=0x3 i64TSCDelta=-350 enmState=3 u64CpuHz=3000134692(*) cErrors=0
00:00:05.521102 TM: GIP - CPU: iCpuSet=0x3 idCpu=0x3 idApic=0x3 iGipCpu=0x1 i64TSCDelta=0 enmState=3 u64CpuHz=3000342705(*) cErrors=0
00:00:05.521237 TM: cTSCTicksPerSecond=3 000 135 195 (0xb2d26e1b) enmTSCMode=1 (VirtTscEmulated)
00:00:05.521240 TM: TSCTiedToExecution=false TSCNotTiedToHalt=false
00:00:05.526691 VMM: CoreCode: R3=0000000009810000 R0=ffffd0002ab70000 RC=a0abc000 Phys=00000000c7442000 cb=0x1000
00:00:05.527512 GIM: Using provider 'Minimal' (Implementation version: 0)
00:00:05.527546 CPUM: SetGuestCpuIdFeature: Enabled Hypervisor Present bit
00:00:05.527700 AIOMgr: Default manager type is 'Async'
00:00:05.527784 AIOMgr: Default file backend is 'NonBuffered'
00:00:05.528197 BlkCache: Cache successfully initialized. Cache size is 5242880 bytes
00:00:05.528215 BlkCache: Cache commit interval is 10000 ms
00:00:05.528219 BlkCache: Cache commit threshold is 2621440 bytes
00:00:05.847679 EFI: boot args =
00:00:05.847697 EFI: device props =
00:00:05.872190 DMI: Using DmiSystemProduct from host: TA870+
00:00:05.878660 DMI: Using DmiSystemVersion from host:
00:00:05.896856 SUP: Loaded VBoxDDR0.r0 (C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0) at 0xfffff8019d520000 - ModuleInit at 0000000000000000 and ModuleTerm at 0000000000000000 using the native ring-0 loader
00:00:05.896889 SUP: windbg> .reload /f C:\Program Files\Oracle\VirtualBox\VBoxDDR0.r0=0xfffff8019d520000
00:00:05.908834 SUP: Loaded VBoxDD2R0.r0 (C:\Program Files\Oracle\VirtualBox\VBoxDD2R0.r0) at 0xfffff8019d550000 - ModuleInit at 0000000000000000 and ModuleTerm at 0000000000000000 using the native ring-0 loader
00:00:05.908856 SUP: windbg> .reload /f C:\Program Files\Oracle\VirtualBox\VBoxDD2R0.r0=0xfffff8019d550000
00:00:05.908923 APIC: Activating Local APIC
00:00:05.908929 CPUM: SetGuestCpuIdFeature: Enabled APIC
00:00:05.909696 PIT: mode=3 count=0x10000 (65536) - 18.20 Hz (ch=0)
00:00:05.921079 Shared Folders service loaded
00:00:06.033390 DrvBlock: Flushes will be ignored
00:00:06.033421 DrvBlock: Async flushes will be passed to the disk
00:00:06.033784 VD: VDInit finished
00:00:06.227243 AIOMgr: Endpoint for file 'D:\driver\virtualBox\osx_default_1438532316607_51095\box-disk1.vmdk' (flags 000c0723) created successfully
00:00:06.343642 AIOMgr: Preparing flush failed with VERR_NOT_SUPPORTED, disabling async flushes
00:00:06.343751 VD: Opening the disk took 310247883 ns
00:00:06.343954 AHCI: LUN#0: disk, PCHS=16383/16/63, total number of sectors 104857600
00:00:06.343965 AHCI: LUN#0: using async I/O
00:00:06.350519 DrvBlock: Flushes will be ignored
00:00:06.350557 DrvBlock: Async flushes will be passed to the disk
00:00:06.350574 AHCI LUN#1: CD/DVD, total number of sectors 0, passthrough disabled
00:00:06.350582 AHCI: LUN#1: using normal I/O
00:00:06.355141 AHCI#0: Reset the HBA
00:00:06.375810 NAT: DNS#0: 192.168.3.1
00:00:06.375848 NAT: DNS#1: 192.168.3.1
00:00:06.377816 IntNet#0: szNetwork={HostInterfaceNetworking-Realtek PCIe GBE Family Controller} enmTrunkType=3 szTrunk={\DEVICE\{C256ECC9-6C48-400F-9EC2-E932652B3C05}} fFlags=0x8000 cbRecv=325632 cbSend=196608 fIgnoreConnectFailure=false
00:00:06.384894 VUSB: Attached 'HidKeyboard' to port 1
00:00:06.402645 VUSB: Attached 'HidMouse' to port 2
00:00:06.407882 PGM: The CPU physical address width is 48 bits
00:00:06.407929 PGM: PGMR3InitFinalize: 4 MB PSE mask 0000ffffffffffff
00:00:06.408175 TM: TMR3InitFinalize: fTSCModeSwitchAllowed=true
00:00:06.423794 VMM: Thread-context hooks unavailable
00:00:06.424223 HM: Using AMD-V implementation 2.0!
00:00:06.424224 HM: Max resume loops = 1024
00:00:06.424226 HM: CPUID 0x80000001.u32AMDFeatureECX = 0x37ff
00:00:06.424228 HM: CPUID 0x80000001.u32AMDFeatureEDX = 0xefd3fbff
00:00:06.424229 HM: AMD HWCR MSR = 0x1000010
00:00:06.424230 HM: AMD-V revision = 0x1
00:00:06.424231 HM: AMD-V max ASID = 64
00:00:06.424232 HM: AMD-V features = 0xf
00:00:06.424232 HM: AMD_CPUID_SVM_FEATURE_EDX_NESTED_PAGING
00:00:06.424233 HM: AMD_CPUID_SVM_FEATURE_EDX_LBR_VIRT
00:00:06.424234 HM: AMD_CPUID_SVM_FEATURE_EDX_SVM_LOCK
00:00:06.424235 HM: AMD_CPUID_SVM_FEATURE_EDX_NRIP_SAVE
00:00:06.424242 HM: AMD-V enabled!
00:00:06.424243 HM: Nested paging enabled!
00:00:06.424244 HM: Large page support enabled!
00:00:06.424249 CPUM: SetGuestCpuIdFeature: Enabled SYSENTER/EXIT
00:00:06.424250 CPUM: SetGuestCpuIdFeature: Enabled SYSCALL/RET
00:00:06.424251 CPUM: SetGuestCpuIdFeature: Enabled PAE
00:00:06.424252 CPUM: SetGuestCpuIdFeature: Enabled LONG MODE
00:00:06.424252 CPUM: SetGuestCpuIdFeature: Enabled NX
00:00:06.424253 CPUM: SetGuestCpuIdFeature: Enabled LAHF/SAHF
00:00:06.424254 HM: TPR patching disabled
00:00:06.424255 HM: Guest support: 32-bit and 64-bit
00:00:06.424300 HM: VT-x/AMD-V init method: LOCAL
00:00:06.424302 VMM: fUsePeriodicPreemptionTimers=false
00:00:06.424448 CPUM: Logical host processors: 4 present, 4 max, 4 online, online mask: 000000000000000f
00:00:06.438114 CPUM: Physical host cores: 4
00:00:06.438117 ************************* CPUID dump ************************
00:00:06.438166 Raw Standard CPUID Leaves
00:00:06.438166 Leaf/sub-leaf eax ebx ecx edx
00:00:06.438191 Gst: 00000000/0000 00000005 68747541 444d4163 69746e65
00:00:06.438194 Hst: 00000005 68747541 444d4163 69746e65
00:00:06.438196 Gst: 00000001/0000 000206a7 00040800 82982203 178bfbff
00:00:06.438198 Hst: 00100f53 00040800 00802009 178bfbff
00:00:06.438199 Gst: 00000002/0000 00000000 00000000 00000000 00000000
00:00:06.438200 Hst: 00000000 00000000 00000000 00000000
00:00:06.438201 Gst: 00000003/0000 00000000 00000000 00000000 00000000
00:00:06.438202 Hst: 00000000 00000000 00000000 00000000
00:00:06.438203 Gst: 00000004/0000 00000000 00000000 00000000 00000000
00:00:06.438204 Hst: 00000000 00000000 00000000 00000000
00:00:06.438206 Gst: 00000005/0000 00000000 00000000 00000003 00000000
00:00:06.438207 Hst: 00000040 00000040 00000003 00000000
00:00:06.438208 Name: AuthenticAMD
00:00:06.438210 Supports: 0x00000000-0x00000005
00:00:06.438230 Family: 6 Extended: 0 Effective: 6
00:00:06.438232 Model: 10 Extended: 2 Effective: 10
00:00:06.438234 Stepping: 7
00:00:06.438235 Type: 0 (primary)
00:00:06.438236 APIC ID: 0x00
00:00:06.438237 Logical CPUs: 4
00:00:06.438238 CLFLUSH Size: 8
00:00:06.438239 Brand ID: 0x00
00:00:06.438240 Features
00:00:06.438241 Mnemonic - Description = guest (host)
00:00:06.438264 FPU - x87 FPU on Chip = 1 (1)
00:00:06.438266 VME - Virtual 8086 Mode Enhancements = 1 (1)
00:00:06.438267 DE - Debugging extensions = 1 (1)
00:00:06.438269 PSE - Page Size Extension = 1 (1)
00:00:06.438270 TSC - Time Stamp Counter = 1 (1)
00:00:06.438272 MSR - Model Specific Registers = 1 (1)
00:00:06.438273 PAE - Physical Address Extension = 1 (1)
00:00:06.438274 MCE - Machine Check Exception = 1 (1)
00:00:06.438275 CX8 - CMPXCHG8B instruction = 1 (1)
00:00:06.438277 APIC - APIC On-Chip = 1 (1)
00:00:06.438278 SEP - SYSENTER and SYSEXIT Present = 1 (1)
00:00:06.438280 MTRR - Memory Type Range Registers = 1 (1)
00:00:06.438281 PGE - PTE Global Bit = 1 (1)
00:00:06.438282 MCA - Machine Check Architecture = 1 (1)
00:00:06.438283 CMOV - Conditional Move instructions = 1 (1)
00:00:06.438285 PAT - Page Attribute Table = 1 (1)
00:00:06.438286 PSE-36 - 36-bit Page Size Extension = 1 (1)
00:00:06.438287 PSN - Processor Serial Number = 0 (0)
00:00:06.438289 CLFSH - CLFLUSH instruction = 1 (1)
00:00:06.438290 DS - Debug Store = 0 (0)
00:00:06.438291 ACPI - Thermal Mon. & Soft. Clock Ctrl. = 0 (0)
00:00:06.438293 MMX - Intel MMX Technology = 1 (1)
00:00:06.438294 FXSR - FXSAVE and FXRSTOR instructions = 1 (1)
00:00:06.438295 SSE - SSE support = 1 (1)
00:00:06.438297 SSE2 - SSE2 support = 1 (1)
00:00:06.438298 SS - Self Snoop = 0 (0)
00:00:06.438299 HTT - Hyper-Threading Technology = 1 (1)
00:00:06.438301 TM - Therm. Monitor = 0 (0)
00:00:06.438302 PBE - Pending Break Enabled = 0 (0)
00:00:06.438303 SSE3 - SSE3 support = 1 (1)
00:00:06.438305 PCLMUL - PCLMULQDQ support (for AES-GCM) = 1 (0)
00:00:06.438306 DTES64 - DS Area 64-bit Layout = 0 (0)
00:00:06.438307 MONITOR - MONITOR/MWAIT instructions = 0 (1)
00:00:06.438309 CPL-DS - CPL Qualified Debug Store = 0 (0)
00:00:06.438310 VMX - Virtual Machine Extensions = 0 (0)
00:00:06.438311 SMX - Safer Mode Extensions = 0 (0)
00:00:06.438312 EST - Enhanced SpeedStep Technology = 0 (0)
00:00:06.438314 TM2 - Terminal Monitor 2 = 0 (0)
00:00:06.438315 SSSE3 - Supplemental Streaming SIMD Extensions 3 = 1 (0)
00:00:06.438316 CNTX-ID - L1 Context ID = 0 (0)
00:00:06.438318 SDBG - Silicon Debug interface = 0 (0)
00:00:06.438319 FMA - Fused Multiply Add extensions = 0 (0)
00:00:06.438320 CX16 - CMPXCHG16B instruction = 1 (1)
00:00:06.438321 TPRUPDATE - xTPR Update Control = 0 (0)
00:00:06.438323 PDCM - Perf/Debug Capability MSR = 0 (0)
00:00:06.438324 PCID - Process Context Identifiers = 0 (0)
00:00:06.438325 DCA - Direct Cache Access = 0 (0)
00:00:06.438326 SSE4_1 - SSE4_1 support = 1 (0)
00:00:06.438328 SSE4_2 - SSE4_2 support = 1 (0)
00:00:06.438329 X2APIC - x2APIC support = 0 (0)
00:00:06.438330 MOVBE - MOVBE instruction = 0 (0)
00:00:06.438332 POPCNT - POPCNT instruction = 1 (1)
00:00:06.438333 TSCDEADL - Time Stamp Counter Deadline = 0 (0)
00:00:06.438334 AES - AES instructions = 1 (0)
00:00:06.438336 XSAVE - XSAVE instruction = 0 (0)
00:00:06.438337 OSXSAVE - OSXSAVE instruction = 0 (0)
00:00:06.438338 AVX - AVX support = 0 (0)
00:00:06.438340 F16C - 16-bit floating point conversion instructions = 0 (0)
00:00:06.438341 RDRAND - RDRAND instruction = 0 (0)
00:00:06.438342 HVP - Hypervisor Present (we're a guest) = 1 (0)
00:00:06.438363 Raw Hypervisor CPUID Leaves
00:00:06.438364 Leaf/sub-leaf eax ebx ecx edx
00:00:06.438364 Gst: 40000000/0000 40000010 786f4256 786f4256 786f4256
00:00:06.438366 Hst: 00000000 00000000 00000000 00000000
00:00:06.438367 Gst: 40000001/0000 656e6f6e 00000000 00000000 00000000
00:00:06.438369 Hst: 00000000 00000000 00000000 00000000
00:00:06.438370 Gst: 40000002/0000 00000000 00000000 00000000 00000000
00:00:06.438371 Hst: 00000000 00000000 00000000 00000000
00:00:06.438372 Gst: 40000003/0000 00000000 00000000 00000000 00000000
00:00:06.438373 Hst: 00000000 00000000 00000000 00000000
00:00:06.438374 Gst: 40000004/0000 00000000 00000000 00000000 00000000
00:00:06.438376 Hst: 00000000 00000000 00000000 00000000
00:00:06.438376 Gst: 40000005/0000 00000000 00000000 00000000 00000000
00:00:06.438378 Hst: 00000000 00000000 00000000 00000000
00:00:06.438379 Gst: 40000006/0000 00000000 00000000 00000000 00000000
00:00:06.438380 Hst: 00000000 00000000 00000000 00000000
00:00:06.438381 Gst: 40000007/0000 00000000 00000000 00000000 00000000
00:00:06.438382 Hst: 00000000 00000000 00000000 00000000
00:00:06.438383 Gst: 40000008/0000 00000000 00000000 00000000 00000000
00:00:06.438384 Hst: 00000000 00000000 00000000 00000000
00:00:06.438385 Gst: 40000009/0000 00000000 00000000 00000000 00000000
00:00:06.438386 Hst: 00000000 00000000 00000000 00000000
00:00:06.438387 Gst: 4000000a/0000 00000000 00000000 00000000 00000000
00:00:06.438389 Hst: 00000000 00000000 00000000 00000000
00:00:06.438390 Gst: 4000000b/0000 00000000 00000000 00000000 00000000
00:00:06.438391 Hst: 00000000 00000000 00000000 00000000
00:00:06.438392 Gst: 4000000c/0000 00000000 00000000 00000000 00000000
00:00:06.438393 Hst: 00000000 00000000 00000000 00000000
00:00:06.438394 Gst: 4000000d/0000 00000000 00000000 00000000 00000000
00:00:06.438395 Hst: 00000000 00000000 00000000 00000000
00:00:06.438396 Gst: 4000000e/0000 00000000 00000000 00000000 00000000
00:00:06.438397 Hst: 00000000 00000000 00000000 00000000
00:00:06.438398 Gst: 4000000f/0000 00000000 00000000 00000000 00000000
00:00:06.438399 Hst: 00000000 00000000 00000000 00000000
00:00:06.438400 Gst: 40000010/0000 002dc747 000f4240 00000000 00000000
00:00:06.438402 Hst: 00000000 00000000 00000000 00000000
00:00:06.438405 Raw Extended CPUID Leaves
00:00:06.438406 Leaf/sub-leaf eax ebx ecx edx
00:00:06.438406 Gst: 80000000/0000 8000001b 68747541 444d4163 69746e65
00:00:06.438408 Hst: 8000001b 68747541 444d4163 69746e65
00:00:06.438410 Gst: 80000001/0000 00100f53 10005286 000001f3 ebd3fb7f
00:00:06.438412 Hst: 00100f53 10005286 000037ff efd3fbff
00:00:06.438413 Gst: 80000002/0000 20444d41 6c687441 74286e6f 4920296d
00:00:06.438415 Hst: 20444d41 6c687441 74286e6f 4920296d
00:00:06.438417 Gst: 80000003/0000 34582049 30343620 6f725020 73736563
00:00:06.438418 Hst: 34582049 30343620 6f725020 73736563
00:00:06.438420 Gst: 80000004/0000 0000726f 00000000 00000000 00000000
00:00:06.438421 Hst: 0000726f 00000000 00000000 00000000
00:00:06.438422 Gst: 80000005/0000 ff30ff10 ff30ff20 40020140 40020140
00:00:06.438424 Hst: ff30ff10 ff30ff20 40020140 40020140
00:00:06.438426 Gst: 80000006/0000 20800000 42004200 02008140 00000000
00:00:06.438428 Hst: 20800000 42004200 02008140 00000000
00:00:06.438429 Gst: 80000007/0000 00000000 00000000 00000000 00000000
00:00:06.438430 Hst: 00000000 00000000 00000000 000001f9
00:00:06.438431 Gst: 80000008/0000 00003030 00000000 00000003 00000000
00:00:06.438433 Hst: 00003030 00000000 00002003 00000000
00:00:06.438434 Gst: 80000009/0000 00000000 00000000 00000000 00000000
00:00:06.438435 Hst: 00000000 00000000 00000000 00000000
00:00:06.438436 Gst: 8000000a/0000 00000000 00000000 00000000 00000000
00:00:06.438437 Hst: 00000001 00000040 00000000 0000000f
00:00:06.438438 Gst: 8000000b/0000 00000000 00000000 00000000 00000000
00:00:06.438440 Hst: 00000000 00000000 00000000 00000000
00:00:06.438440 Gst: 8000000c/0000 00000000 00000000 00000000 00000000
00:00:06.438442 Hst: 00000000 00000000 00000000 00000000
00:00:06.438443 Gst: 8000000d/0000 00000000 00000000 00000000 00000000
00:00:06.438444 Hst: 00000000 00000000 00000000 00000000
00:00:06.438445 Gst: 8000000e/0000 00000000 00000000 00000000 00000000
00:00:06.438446 Hst: 00000000 00000000 00000000 00000000
00:00:06.438447 Gst: 8000000f/0000 00000000 00000000 00000000 00000000
00:00:06.438448 Hst: 00000000 00000000 00000000 00000000
00:00:06.438449 Gst: 80000010/0000 00000000 00000000 00000000 00000000
00:00:06.438450 Hst: 00000000 00000000 00000000 00000000
00:00:06.438451 Gst: 80000011/0000 00000000 00000000 00000000 00000000
00:00:06.438453 Hst: 00000000 00000000 00000000 00000000
00:00:06.438454 Gst: 80000012/0000 00000000 00000000 00000000 00000000
00:00:06.438455 Hst: 00000000 00000000 00000000 00000000
00:00:06.438456 Gst: 80000013/0000 00000000 00000000 00000000 00000000
00:00:06.438457 Hst: 00000000 00000000 00000000 00000000
00:00:06.438458 Gst: 80000014/0000 00000000 00000000 00000000 00000000
00:00:06.438459 Hst: 00000000 00000000 00000000 00000000
00:00:06.438460 Gst: 80000015/0000 00000000 00000000 00000000 00000000
00:00:06.438461 Hst: 00000000 00000000 00000000 00000000
00:00:06.438462 Gst: 80000016/0000 00000000 00000000 00000000 00000000
00:00:06.438464 Hst: 00000000 00000000 00000000 00000000
00:00:06.438465 Gst: 80000017/0000 00000000 00000000 00000000 00000000
00:00:06.438466 Hst: 00000000 00000000 00000000 00000000
00:00:06.438467 Gst: 80000018/0000 00000000 00000000 00000000 00000000
00:00:06.438468 Hst: 00000000 00000000 00000000 00000000
00:00:06.438469 Gst: 80000019/0000 f0300000 60100000 00000000 00000000
00:00:06.438471 Hst: f0300000 60100000 00000000 00000000
00:00:06.438472 Gst: 8000001a/0000 00000003 00000000 00000000 00000000
00:00:06.438473 Hst: 00000003 00000000 00000000 00000000
00:00:06.438474 Gst: 8000001b/0000 00000000 00000000 00000000 00000000
00:00:06.438475 Hst: 0000001f 00000000 00000000 00000000
00:00:06.438476 Ext Name: AuthenticAMD
00:00:06.438477 Ext Supports: 0x80000000-0x8000001b
00:00:06.438478 Family: 15 Extended: 1 Effective: 16
00:00:06.438479 Model: 5 Extended: 0 Effective: 5
00:00:06.438480 Stepping: 3
00:00:06.438481 Brand ID: 0x286
00:00:06.438482 Ext Features
00:00:06.438482 Mnemonic - Description = guest (host)
00:00:06.438483 FPU - x87 FPU on Chip = 1 (1)
00:00:06.438485 VME - Virtual 8086 Mode Enhancements = 1 (1)
00:00:06.438486 DE - Debugging extensions = 1 (1)
00:00:06.438487 PSE - Page Size Extension = 1 (1)
00:00:06.438489 TSC - Time Stamp Counter = 1 (1)
00:00:06.438530 MSR - K86 Model Specific Registers = 1 (1)
00:00:06.438532 PAE - Physical Address Extension = 1 (1)
00:00:06.438533 MCE - Machine Check Exception = 0 (1)
00:00:06.438534 CX8 - CMPXCHG8B instruction = 1 (1)
00:00:06.438536 APIC - APIC On-Chip = 1 (1)
00:00:06.438537 SEP - SYSCALL/SYSRET = 1 (1)
00:00:06.438538 MTRR - Memory Type Range Registers = 1 (1)
00:00:06.438540 PGE - PTE Global Bit = 1 (1)
00:00:06.438541 MCA - Machine Check Architecture = 1 (1)
00:00:06.438542 CMOV - Conditional Move instructions = 1 (1)
00:00:06.438544 PAT - Page Attribute Table = 1 (1)
00:00:06.438545 PSE-36 - 36-bit Page Size Extension = 1 (1)
00:00:06.438546 NX - No-Execute/Execute-Disable = 1 (1)
00:00:06.438548 AXMMX - AMD Extensions to MMX instructions = 1 (1)
00:00:06.438549 MMX - Intel MMX Technology = 1 (1)
00:00:06.438550 FXSR - FXSAVE and FXRSTOR Instructions = 1 (1)
00:00:06.438552 FFXSR - AMD fast FXSAVE and FXRSTOR instructions = 1 (1)
00:00:06.438553 Page1GB - 1 GB large page = 0 (1)
00:00:06.438554 RDTSCP - RDTSCP instruction = 1 (1)
00:00:06.438555 LM - AMD64 Long Mode = 1 (1)
00:00:06.438557 3DNOWEXT - AMD Extensions to 3DNow = 1 (1)
00:00:06.438558 3DNOW - AMD 3DNow = 1 (1)
00:00:06.438559 LahfSahf - LAHF/SAHF support in 64-bit mode = 1 (1)
00:00:06.438561 CmpLegacy - Core multi-processing legacy mode = 1 (1)
00:00:06.438562 SVM - AMD VM extensions = 0 (1)
00:00:06.438563 EXTAPIC - AMD Extended APIC registers = 0 (1)
00:00:06.438564 CR8L - AMD LOCK MOV CR0 means MOV CR8 = 1 (1)
00:00:06.438565 ABM - AMD Advanced Bit Manipulation = 1 (1)
00:00:06.438567 SSE4A - SSE4A instructions = 1 (1)
00:00:06.438568 MISALIGNSSE - AMD Misaligned SSE mode = 1 (1)
00:00:06.438569 3DNOWPRF - AMD PREFETCH and PREFETCHW instructions = 1 (1)
00:00:06.438570 OSVW - AMD OS Visible Workaround = 0 (1)
00:00:06.438571 IBS - Instruct Based Sampling = 0 (1)
00:00:06.438573 XOP - Extended Operation support = 0 (0)
00:00:06.438574 SKINIT - SKINIT, STGI, and DEV support = 0 (1)
00:00:06.438575 WDT - AMD Watchdog Timer support = 0 (1)
00:00:06.438576 LWP - Lightweight Profiling support = 0 (0)
00:00:06.438578 FMA4 - Four operand FMA instruction support = 0 (0)
00:00:06.438579 NodeId - NodeId in MSR C001_100C = 0 (0)
00:00:06.438580 TBM - Trailing Bit Manipulation instructions = 0 (0)
00:00:06.438581 TOPOEXT - Topology Extensions = 0 (0)
00:00:06.438583 Full Name: "AMD Athlon(tm) II X4 640 Processor"
00:00:06.438584 TLB 2/4M Instr/Uni: fully 16 entries
00:00:06.438585 TLB 2/4M Data: fully 48 entries
00:00:06.438586 TLB 4K Instr/Uni: fully 32 entries
00:00:06.438586 TLB 4K Data: fully 48 entries
00:00:06.438588 L1 Instr Cache Line Size: 64 bytes
00:00:06.438588 L1 Instr Cache Lines Per Tag: 1
00:00:06.438589 L1 Instr Cache Associativity: 2 way
00:00:06.438590 L1 Instr Cache Size: 64 KB
00:00:06.438591 L1 Data Cache Line Size: 64 bytes
00:00:06.438591 L1 Data Cache Lines Per Tag: 1
00:00:06.438592 L1 Data Cache Associativity: 2 way
00:00:06.438593 L1 Data Cache Size: 64 KB
00:00:06.438593 L2 TLB 2/4M Instr/Uni: off 0 entries
00:00:06.438594 L2 TLB 2/4M Data: 2 way 128 entries
00:00:06.438595 L2 TLB 4K Instr/Uni: 4 way 512 entries
00:00:06.438596 L2 TLB 4K Data: 4 way 512 entries
00:00:06.438597 L2 Cache Line Size: 0 bytes
00:00:06.438598 L2 Cache Lines Per Tag: 0
00:00:06.438598 L2 Cache Associativity: off
00:00:06.438599 L2 Cache Size: 0 KB
00:00:06.438600 APM Features:
00:00:06.438601 Host Invariant-TSC support: true
00:00:06.438603 Physical Address Width: 48 bits
00:00:06.438604 Virtual Address Width: 48 bits
00:00:06.438604 Guest Physical Address Width: 0 bits
00:00:06.438605 Physical Core Count: 3
00:00:06.438606
00:00:06.438607 ******************** End of CPUID dump **********************
00:00:06.449066 VM: Halt method global1 (5)
00:00:06.449179 HaltedGlobal1 config: cNsSpinBlockThresholdCfg=50000
00:00:06.449406 Changing the VM state from 'CREATING' to 'CREATED'
00:00:06.455859 Changing the VM state from 'CREATED' to 'POWERING_ON'
00:00:06.455961 NAT: set redirect TCP host 127.0.0.1:2222 => guest 10.0.2.15:22
00:00:06.561589 AIOMgr: Endpoints without assigned bandwidth groups:
00:00:06.561628 AIOMgr: D:\driver\virtualBox\osx_default_1438532316607_51095\box-disk1.vmdk
00:00:06.561759 Changing the VM state from 'POWERING_ON' to 'RUNNING'
00:00:06.561794 Console: Machine state changed to 'Running'
00:00:06.909642 EFI: debug point SEC_PREMEM
00:00:07.017312 EFI: VBoxDbg> loadimage64 '.efi' 0xfffec064 LB 0x0
00:00:07.017423 EFI: VBoxDbg> loadimage64 '.efi' 0x2000120 LB 0x0
00:00:07.017524 EFI: VBoxDbg> loadimage64 '.efi' 0x2009b20 LB 0x2cc0
00:00:07.017614 EFI: VBoxDbg> loadimage64 '.efi' 0x200ca20 LB 0x45c0
00:00:07.018296 EFI: VBoxDbg> loadimage64 '.efi' 0x2011220 LB 0x7b20
00:00:07.018545 EFI: debug point SEC_POSTMEM
00:00:07.021733 EFI: VBoxDbg> loadimage64 '.efi' 0x7ffc5000 LB 0x9800
00:00:07.021899 EFI: VBoxDbg> loadimage64 '.efi' 0x7ffc0000 LB 0x41e0
00:00:07.029991 EFI: VBoxDbg> loadimage64 '.efi' 0x7fc33000 LB 0x1a740
00:00:07.031834 EFI: debug point DXE_CORE
00:00:07.033369 EFI: VBoxDbg> loadimage64 '.efi' 0x7fc33000 LB 0x0
00:00:07.055646 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb67000 LB 0x40a0
00:00:07.056037 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb93000 LB 0x84c0
00:00:07.056359 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb8d000 LB 0x5300
00:00:07.056701 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb63000 LB 0x3a40
00:00:07.056971 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb5c000 LB 0x6440
00:00:07.060741 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb5b000 LB 0xce0
00:00:07.061094 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb59000 LB 0x1120
00:00:07.061384 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb50000 LB 0x8900
00:00:07.061669 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb8a000 LB 0x20a0
00:00:07.061932 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb4c000 LB 0x3740
00:00:07.062281 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb86000 LB 0x3a00
00:00:07.062760 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb47000 LB 0x4b80
00:00:07.063140 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb7c000 LB 0x9220
00:00:07.063732 EFI: Adding variable e660597e-b94d-4209-9c80-1805b5d19b69::'Test0' fAttrib=0x7 cbValue=0x10
00:00:07.064914 EFI: Adding variable e660597e-b94d-4209-9c80-1805b5d19b69::'Test1' fAttrib=0x7 cbValue=0x20
00:00:07.065696 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb3d000 LB 0x9ee0
00:00:07.065972 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb3a000 LB 0x23a0
00:00:07.066402 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb28000 LB 0x11660
00:00:07.066882 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb25000 LB 0x2a20
00:00:07.067167 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb22000 LB 0x2f40
00:00:07.067449 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb76000 LB 0x5da0
00:00:07.067847 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb1e000 LB 0x3700
00:00:07.068147 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb15000 LB 0x85a0
00:00:07.068550 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb14000 LB 0xbe0
00:00:07.068710 PIT: mode=3 count=0x2e9c (11932) - 99.99 Hz (ch=0)
00:00:07.068978 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb0d000 LB 0x6ae0
00:00:07.069277 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb6f000 LB 0x6360
00:00:07.070294 EFI: Adding variable 378d7b65-8da9-4773-b6e4-a47826a833e1::'RTC' fAttrib=0x7 cbValue=0x4
00:00:07.070583 EFI: VBoxDbg> loadimage64 '.efi' 0x7fb6e000 LB 0xe40
00:00:07.071421 EFI: Adding variable eb704011-1402-11d3-8e77-00a0c969723b::'MTC' fAttrib=0x7 cbValue=0x4
00:00:07.071896 EFI: VBoxDbg> loadimage64 '.efi' 0x7e9e7000 LB 0x47c0
00:00:07.072475 EFI: VBoxDbg> loadimage64 '.efi' 0x7fae1000 LB 0x2b780
00:00:07.073253 EFI: VBoxDbg> loadimage64 '.efi' 0x7fac6000 LB 0x1a340
00:00:07.076295 EFI: VBoxDbg> loadimage64 '.efi' 0x7e9df000 LB 0x7c60
00:00:07.076702 EFI: VBoxDbg> loadimage64 '.efi' 0x7fac3000 LB 0x2ac0
00:00:07.076968 EFI: VBoxDbg> loadimage64 '.efi' 0x7fac0000 LB 0x2d20
00:00:07.077294 EFI: VBoxDbg> loadimage64 '.efi' 0x7fabd000 LB 0x26a0
00:00:07.077639 EFI: VBoxDbg> loadimage64 '.efi' 0x7faab000 LB 0x11500
00:00:07.077935 EFI: VBoxDbg> loadimage64 '.efi' 0x7faa6000 LB 0x40c0
00:00:07.078387 EFI: VBoxDbg> loadimage64 '.efi' 0x7faa1000 LB 0x4d20
00:00:07.078711 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa99000 LB 0x7f00
00:00:07.079125 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa8d000 LB 0xba80
00:00:07.079502 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa83000 LB 0x9540
00:00:07.079798 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa7e000 LB 0x4480
00:00:07.080097 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa75000 LB 0x8d20
00:00:07.080402 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa74000 LB 0xf40
00:00:07.080777 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa6e000 LB 0x5ca0
00:00:07.081103 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa66000 LB 0x70e0
00:00:07.081420 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa61000 LB 0x4300
00:00:07.081798 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa52000 LB 0xe360
00:00:07.082243 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa49000 LB 0x8b60
00:00:07.082670 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa42000 LB 0x6a20
00:00:07.083020 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa39000 LB 0x8e60
00:00:07.083513 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa31000 LB 0x7ca0
00:00:07.083875 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa28000 LB 0x8c40
00:00:07.084195 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa25000 LB 0x2d20
00:00:07.084626 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa1f000 LB 0x52a0
00:00:07.085199 EFI: Adding variable 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14::'BackgroundClear' fAttrib=0x6 cbValue=0x4
00:00:07.085587 EFI: Adding variable 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14::'FirmwareFeatures' fAttrib=0x7 cbValue=0x4
00:00:07.085995 EFI: Adding variable 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14::'FirmwareFeaturesMask' fAttrib=0x7 cbValue=0x4
00:00:07.086614 EFI: Adding variable 7c436110-ab2a-4bbb-a880-fe41995c9f82::'boot-args' fAttrib=0x6 cbValue=0x24
00:00:07.087259 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa1a000 LB 0x45c0
00:00:07.087640 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa14000 LB 0x5b60
00:00:07.088036 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa0e000 LB 0x5b00
00:00:07.088424 EFI: VBoxDbg> loadimage64 '.efi' 0x7fa07000 LB 0x6520
00:00:07.088959 EFI: VBoxDbg> loadimage64 '.efi' 0x7f9fd000 LB 0x91a0
00:00:07.089510 EFI: VBoxDbg> loadimage64 '.efi' 0x7f9f4000 LB 0x8940
00:00:07.090103 EFI: VBoxDbg> loadimage64 '.efi' 0x7f9ee000 LB 0x5f80
00:00:07.090849 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootOptionSupport' fAttrib=0x6 cbValue=0x4
00:00:07.092436 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'LangCodes' fAttrib=0x6 cbValue=0xd
00:00:07.092936 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'PlatformLangCodes' fAttrib=0x6 cbValue=0x12
00:00:07.093452 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'Lang' fAttrib=0x7 cbValue=0x4
00:00:07.094119 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'PlatformLang' fAttrib=0x7 cbValue=0x6
00:00:07.166890 GUI: UIMachineViewNormal::resendSizeHint: Restoring guest size-hint for screen 0 to 1024x768
00:00:07.166944 VMMDev::SetVideoModeHint: got a video mode hint (1024x768x0)@(0x0),(1;0) at 0
00:00:07.174514 GUI: 2D video acceleration is disabled
00:00:07.174543 GUI: HID LEDs sync is enabled
00:00:07.174551 GUI: UIMachineLogicNormal::sltCheckForRequestedVisualStateType: Requested-state=0, Machine-state=5
00:00:07.199929 AHCI#0: Reset the HBA
00:00:07.718883 Display::handleDisplayResize: uScreenId=0 pvVRAM=000000000a240000 w=1024 h=768 bpp=32 cbLine=0x1000 flags=0x1
00:00:07.719000 GUI: UIFrameBufferPrivate::NotifyChange: Screen=0, Origin=0x0, Size=1024x768, Sending to async-handler
00:00:07.719213 GUI: UIMachineView::sltHandleNotifyChange: Screen=0, Size=1024x768
00:00:07.719247 GUI: UIFrameBufferPrivate::handleNotifyChange: Size=1024x768
00:00:07.719255 GUI: UIFrameBufferPrivate::performResize: Size=1024x768, Directly using source bitmap content
00:00:07.720592 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConOutDev' fAttrib=0x6 cbValue=0x1e
00:00:07.721524 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConOut' fAttrib=0x7 cbValue=0x1e
00:00:07.725127 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConIn' fAttrib=0x7 cbValue=0x22
00:00:07.727231 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConOut' fAttrib=0x7 cbValue=0x67
00:00:07.746893 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConIn' fAttrib=0x7 cbValue=0x6b
00:00:07.748588 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ErrOut' fAttrib=0x7 cbValue=0x49
00:00:07.752506 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConOut' fAttrib=0x7 cbValue=0xb0
00:00:07.757479 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConIn' fAttrib=0x7 cbValue=0xb4
00:00:07.760801 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ErrOut' fAttrib=0x7 cbValue=0x92
00:00:07.773768 Display::handleDisplayResize: uScreenId=0 pvVRAM=000000000a240000 w=800 h=600 bpp=32 cbLine=0xC80 flags=0x1
00:00:07.773865 GUI: UIFrameBufferPrivate::NotifyChange: Screen=0, Origin=0x0, Size=800x600, Sending to async-handler
00:00:07.774098 GUI: UIMachineView::sltHandleNotifyChange: Screen=0, Size=800x600
00:00:07.774131 GUI: UIFrameBufferPrivate::handleNotifyChange: Size=800x600
00:00:07.774207 GUI: UIFrameBufferPrivate::performResize: Size=800x600, Directly using source bitmap content
00:00:07.799013 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConOut' fAttrib=0x7 cbValue=0x67
00:00:07.802689 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConOut' fAttrib=0x7 cbValue=0x1e
00:00:07.966398 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConInDev' fAttrib=0x6 cbValue=0x22
00:00:07.970585 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConIn' fAttrib=0x7 cbValue=0x6b
00:00:07.973280 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ConIn' fAttrib=0x7 cbValue=0x22
00:00:07.978357 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ErrOut' fAttrib=0x7 cbValue=0x49
00:00:07.980529 EFI: Deleting variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'ErrOut'
00:00:08.746473 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'Boot0000' fAttrib=0x7 cbValue=0xb2
00:00:08.746809 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootOrder' fAttrib=0x7 cbValue=0x2
00:00:08.776649 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootOrder' fAttrib=0x7 cbValue=0x2
00:00:08.783113 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'Boot0001' fAttrib=0x7 cbValue=0x42
00:00:08.783448 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootOrder' fAttrib=0x7 cbValue=0x4
00:00:08.792096 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'Boot0002' fAttrib=0x7 cbValue=0x44
00:00:08.792435 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootOrder' fAttrib=0x7 cbValue=0x6
00:00:08.803072 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'Boot0003' fAttrib=0x7 cbValue=0x5c
00:00:08.803448 EFI: Replacing variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootOrder' fAttrib=0x7 cbValue=0x8
00:00:08.825529 EFI: Adding variable 8be4df61-93ca-11d2-aa0d-00e098032b8c::'BootCurrent' fAttrib=0x6 cbValue=0x2
00:00:08.834157 Display::handleDisplayResize: uScreenId=0 pvVRAM=000000000a240000 w=1024 h=768 bpp=32 cbLine=0x1000 flags=0x1
00:00:08.834236 GUI: UIFrameBufferPrivate::NotifyChange: Screen=0, Origin=0x0, Size=1024x768, Sending to async-handler
00:00:08.834340 GUI: UIMachineView::sltHandleNotifyChange: Screen=0, Size=1024x768
00:00:08.834366 GUI: UIFrameBufferPrivate::handleNotifyChange: Size=1024x768
00:00:08.834397 GUI: UIFrameBufferPrivate::performResize: Size=1024x768, Directly using source bitmap content
00:00:08.834591 EFI: Adding variable 4c19049f-4137-4dd3-9c10-8b97a83ffdfa::'MemoryTypeInformation' fAttrib=0x7 cbValue=0x40
00:00:10.629577 EFI: VBoxDbg> loadimage64 'boot.efi.macho.x8.efi' 0x7e33d000 LB 0x90000
00:00:10.634149 EFI: Adding variable 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14::'ROM' fAttrib=0x6 cbValue=0x6
00:00:10.637876 EFI: Adding variable 4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14::'MLB' fAttrib=0x6 cbValue=0x19a
00:00:14.303571 NAT: old socket rcv size: 64KB
00:00:14.303606 NAT: old socket snd size: 64KB
00:00:15.925033 EFI: Adding variable 7c436110-ab2a-4bbb-a880-fe41995c9f82::'platform-uuid' fAttrib=0x7 cbValue=0x10
00:00:15.932904 IEM: wrmsr(0x8b,0x0`00000000) -> #GP(0)
00:00:15.933058 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
00:00:15.933059 !!
00:00:15.933060 !! Guru Meditation 1155 (VINF_EM_TRIPLE_FAULT)
00:00:15.933209 !!
00:00:15.933247 !! Skipping ring-0 registers and stack, rcErr=VINF_EM_TRIPLE_FAULT
00:00:15.933257 !!
00:00:15.933257 !! {mappings, <NULL>}
00:00:15.933258 !!
00:00:15.933266
00:00:15.933266 The mappings are DISABLED.
00:00:15.933270 00000000ff000000 - 00000000ffbfffff Hypervisor Memory Area
00:00:15.933277 !!
00:00:15.933277 !! {hma, <NULL>}
00:00:15.933278 !!
00:00:15.933282 Hypervisor Memory Area (HMA) Layout: Base 00000000ff000000, 0x00c00000 bytes
00:00:15.933289 00000000ffbe5000-00000000ffbe6000 DYNAMIC fence
00:00:15.933316 00000000ffbd5000-00000000ffbe5000 DYNAMIC Dynamic mapping
00:00:15.933341 00000000ffb55000-00000000ffbd5000 MMIO2 0000000000000000 VGA VRam
00:00:15.933361 00000000ffb54000-00000000ffb55000 DYNAMIC fence
00:00:15.933386 00000000ffad3000-00000000ffb54000 0000000012240000 0000000012240000 LOCKED alloc once (PGM_PHYS)
00:00:15.933401 00000000ffad2000-00000000ffad3000 DYNAMIC fence
00:00:15.933426 00000000ffabe000-00000000ffad2000 0000000009ab0000 0000000009ab0000 LOCKED alloc once (PDM_DEVICE)
00:00:15.933441 00000000ffabd000-00000000ffabe000 DYNAMIC fence
00:00:15.933466 00000000ffabc000-00000000ffabd000 0000000009810000 ffffd0002ab70000 HCPHYS 00000000c7442000 Core Code
00:00:15.933477 00000000ffabb000-00000000ffabc000 DYNAMIC fence
00:00:15.933501 00000000ffaba000-00000000ffabb000 0000000001490000 0000000000000000 HCPHYS 00000000c7e9d000 GIP
00:00:15.933511 00000000ffab9000-00000000ffaba000 DYNAMIC fence
00:00:15.933535 00000000ff2b8000-00000000ffab9000 0000000007f30000 0000000007f30000 LOCKED alloc once (PGM_PHYS)
00:00:15.933551 00000000ff2b7000-00000000ff2b8000 DYNAMIC fence
00:00:15.933575 00000000ff27f000-00000000ff2b7000 0000000006e10000 0000000006e10000 LOCKED alloc once (PGM_POOL)
00:00:15.933590 00000000ff27e000-00000000ff27f000 DYNAMIC fence
00:00:15.933615 00000000ff279000-00000000ff27e000 DYNAMIC CR3 mapping
00:00:15.933639 00000000ff278000-00000000ff279000 DYNAMIC fence
00:00:15.933663 00000000ff276000-00000000ff278000 0000000004e80000 ffffe0008643a000 LOCKED alloc once (CPUM_CTX)
00:00:15.933679 00000000ff275000-00000000ff276000 DYNAMIC fence
00:00:15.933704 00000000ff035000-00000000ff275000 0000000006b50000 0000000006b50000 LOCKED Heap
00:00:15.933719 00000000ff034000-00000000ff035000 DYNAMIC fence
00:00:15.933743 00000000ff001000-00000000ff034000 0000000004dd0000 ffffd00029614000 LOCKED VM
00:00:15.933758 00000000ff000000-00000000ff001000 DYNAMIC fence
00:00:15.933783 !!
00:00:15.933783 !! {cpumguest, verbose}
00:00:15.933784 !!
00:00:15.933810 Guest CPUM (VCPU 0) state:
00:00:15.933853 rax=0000000000000470 rbx=000000000000000e rcx=0000000000000000 rdx=ffffff80234364b0
00:00:15.933856 rsi=0000000000000008 rdi=0000000000000055 r8 =0000000000000003 r9 =0000000000000000
00:00:15.933858 r10=0000000000000001 r11=000000000000013d r12=ffffff802310bec4 r13=ffffff8023abd000
00:00:15.933860 r14=0000000000000200 r15=ffffff8023106f40
00:00:15.933862 rip=ffffff8023435d5d rsp=ffffff8023106f40 rbp=ffffff802310bf20 iopl=0 nv up di pl nz na po nc
00:00:15.933865 cs={0008 base=0000000000000000 limit=ffffffff flags=0000a09b}
00:00:15.933866 ds={0000 base=0000000000000000 limit=ffffffff flags=00000000}
00:00:15.933868 es={0000 base=0000000000000000 limit=ffffffff flags=00000000}
00:00:15.933869 fs={0000 base=0000000000000000 limit=ffffffff flags=00000000}
00:00:15.933870 gs={0000 base=ffffff8023a29dc0 limit=ffffffff flags=00000000}
00:00:15.933872 ss={0000 base=0000000000000000 limit=ffffffff flags=00004000}
00:00:15.933874 cr0=00000000c0010033 cr2=0000000000000470 cr3=00000000255e5000 cr4=0000000000000020
00:00:15.933876 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
00:00:15.933877 dr4=0000000000000000 dr5=0000000000000000 dr6=00000000ffff0ff0 dr7=0000000000000400
00:00:15.933878 gdtr=ffffff8000001000:0097 idtr=ffffff8000000000:1000 eflags=00000046
00:00:15.933881 ldtr={0030 base=ffffff8023a3b000 limit=00000017 flags=00000082}
00:00:15.933883 tr ={0040 base=ffffff8023a3a000 limit=00000067 flags=0000008b}
00:00:15.933884 SysEnter={cs=000b eip=00000000234360b0 esp=0000000023b14080}
00:00:15.933991 xcr=0000000000000001 xcr1=0000000000000000 xss=0000000000000000 (fXStateMask=0000000000000000)
00:00:15.933993 FCW=027f FSW=0000 FTW=0000 FOP=0000 MXCSR=00001f80 MXCSR_MASK=0002ffff
00:00:15.933995 FPUIP=00000000 CS=0010 Rsrvd1=0000 FPUDP=00000000 DS=002b Rsvrd2=0000
00:00:15.933997 ST(0)=FPR0={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.933999 ST(1)=FPR1={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934002 ST(2)=FPR2={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934004 ST(3)=FPR3={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934006 ST(4)=FPR4={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934008 ST(5)=FPR5={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934010 ST(6)=FPR6={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934012 ST(7)=FPR7={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934014 XMM0 =00000000'00000000'00000000'00000000 XMM1 =00000000'00000000'00000000'00000000
00:00:15.934017 XMM2 =00000000'00000000'00000000'00000000 XMM3 =00000000'00000000'00000000'00000000
00:00:15.934019 XMM4 =00000000'00000000'00000000'00000000 XMM5 =00000000'00000000'00000000'00000000
00:00:15.934022 XMM6 =00000000'00000000'00000000'00000000 XMM7 =00000000'00000000'00000000'00000000
00:00:15.934024 XMM8 =00000000'00000000'00000000'00000000 XMM9 =00000000'00000000'00000000'00000000
00:00:15.934026 XMM10=00000000'00000000'00000000'00000000 XMM11=00000000'00000000'00000000'00000000
00:00:15.934029 XMM12=00000000'00000000'00000000'00000000 XMM13=00000000'00000000'00000000'00000000
00:00:15.934031 XMM14=00000000'00000000'00000000'00000000 XMM15=00000000'00000000'00000000'00000000
00:00:15.934034 EFER =0000000000000d01
00:00:15.934035 PAT =0007040600070406
00:00:15.934036 STAR =001b000800000000
00:00:15.934037 CSTAR =0000000000000000
00:00:15.934038 LSTAR =ffffff8023436050
00:00:15.934039 SFMASK =0000000000004700
00:00:15.934039 KERNELGSBASE =ffffff8023a29dc0
00:00:15.934041 !!
00:00:15.934041 !! {cpumguestinstr, verbose}
00:00:15.934042 !!
00:00:15.934262
00:00:15.934262 CPUM: 0008:ffffff8023435d5d c7 81 70 04 00 00 ff ff ff ff mov dword [rcx+000000470h], 0ffffffffh
00:00:15.934263
00:00:15.934263 !!
00:00:15.934264 !! {cpumhyper, verbose}
00:00:15.934265 !!
00:00:15.934266 Hypervisor CPUM state:
00:00:15.934267 .eax=00000000 .ebx=00000000 .ecx=00000000 .edx=00000000 .esi=00000000 .edi=00000000
00:00:15.934268 .eip=00000000 .esp=ff273000 .ebp=00000000 .iopl=0 nv up di pl zr na pe nc
00:00:15.934270 .cs={0000 base=0000000000000000 limit=00000000 flags=00000000} .dr0=00000000 .dr1=00000000
00:00:15.934272 .ds={0000 base=0000000000000000 limit=00000000 flags=00000000} .dr2=00000000 .dr3=00000000
00:00:15.934274 .es={0000 base=0000000000000000 limit=00000000 flags=00000000} .dr4=00000000 .dr5=00000000
00:00:15.934275 .fs={0000 base=0000000000000000 limit=00000000 flags=00000000} .dr6=00000000 .dr7=00000400
00:00:15.934277 .gs={0000 base=0000000000000000 limit=00000000 flags=00000000} .cr0=00000000 .cr2=00000000
00:00:15.934279 .ss={0000 base=0000000000000000 limit=00000000 flags=00000000} .cr3=00000000 .cr4=00000000
00:00:15.934280 .gdtr=0000000000000000:0000 .idtr=0000000000000000:0000 .eflags=00000000
00:00:15.934282 .ldtr={0000 base=00000000 limit=00000000 flags=00000000}
00:00:15.934283 .tr ={0000 base=00000000 limit=00000000 flags=00000000}
00:00:15.934284 .SysEnter={cs=0000 eip=00000000 esp=00000000}
00:00:15.934285 .xcr=0000000000000000 .xcr1=0000000000000000 .xss=0000000000000000 (fXStateMask=0000000000000000)
00:00:15.934287 .FCW=0000 .FSW=0000 .FTW=0000 .FOP=0000 .MXCSR=00000000 .MXCSR_MASK=00000000
00:00:15.934289 .FPUIP=00000000 .CS=0000 .Rsrvd1=0000 .FPUDP=00000000 .DS=0000 .Rsvrd2=0000
00:00:15.934290 .ST(0)=.FPR0={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934293 .ST(1)=.FPR1={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934295 .ST(2)=.FPR2={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934297 .ST(3)=.FPR3={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934299 .ST(4)=.FPR4={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934301 .ST(5)=.FPR5={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934303 .ST(6)=.FPR6={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934305 .ST(7)=.FPR7={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:15.934307 .XMM0 =00000000'00000000'00000000'00000000 .XMM1 =00000000'00000000'00000000'00000000
00:00:15.934310 .XMM2 =00000000'00000000'00000000'00000000 .XMM3 =00000000'00000000'00000000'00000000
00:00:15.934312 .XMM4 =00000000'00000000'00000000'00000000 .XMM5 =00000000'00000000'00000000'00000000
00:00:15.934314 .XMM6 =00000000'00000000'00000000'00000000 .XMM7 =00000000'00000000'00000000'00000000
00:00:15.934317 .XMM8 =00000000'00000000'00000000'00000000 .XMM9 =00000000'00000000'00000000'00000000
00:00:15.934319 .XMM10=00000000'00000000'00000000'00000000 .XMM11=00000000'00000000'00000000'00000000
00:00:15.934322 .XMM12=00000000'00000000'00000000'00000000 .XMM13=00000000'00000000'00000000'00000000
00:00:15.934324 .XMM14=00000000'00000000'00000000'00000000 .XMM15=00000000'00000000'00000000'00000000
00:00:15.934327 .EFER =0000000000000000
00:00:15.934327 .PAT =0000000000000000
00:00:15.934328 .STAR =0000000000000000
00:00:15.934329 .CSTAR =0000000000000000
00:00:15.934330 .LSTAR =0000000000000000
00:00:15.934330 .SFMASK =0000000000000000
00:00:15.934331 .KERNELGSBASE =0000000000000000
00:00:15.934332 CR4OrMask=0x204 CR4AndMask=0x403
00:00:15.934333 !!
00:00:15.934333 !! {cpumhost, verbose}
00:00:15.934334 !!
00:00:15.934335 Host CPUM state:
00:00:15.934336 rax=xxxxxxxxxxxxxxxx rbx=0000000000000000 rcx=xxxxxxxxxxxxxxxx
00:00:15.934337 rdx=xxxxxxxxxxxxxxxx rsi=0000000000000000 rdi=0000000000000000
00:00:15.934338 rip=xxxxxxxxxxxxxxxx rsp=0000000000000000 rbp=0000000000000000
00:00:15.934339 r8=xxxxxxxxxxxxxxxx r9=xxxxxxxxxxxxxxxx r10=0000000000000000
00:00:15.934339 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
00:00:15.934340 r14=0000000000000000 r15=0000000000000000
00:00:15.934341 iopl=0 nv up di pl zr na pe nc
00:00:15.934342 cs=0000 ds=0000 es=0000 fs=0000 gs=0000 eflags=00000000
00:00:15.934343 cr0=0000000000000000 cr2=xxxxxxxxxxxxxxxx cr3=0000000000000000
00:00:15.934344 cr4=0000000000000000 ldtr=0000 tr=0000
00:00:15.934345 dr[0]=0000000000000000 dr[1]=0000000000000000 dr[2]=0000000000000000
00:00:15.934346 dr[3]=0000000000000000 dr[6]=00000000ffff0ff0 dr[7]=0000000000000400
00:00:15.934347 gdtr=0000000000000000:0000 idtr=0000000000000000:0000
00:00:15.934348 SysEnter={cs=0000 eip=00000000 esp=00000000}
00:00:15.934349 FSbase=0000000000000000 GSbase=0000000000000000 efer=00000000
00:00:15.934350 !!
00:00:15.934351 !! {mode, all}
00:00:15.934352 !!
00:00:15.934353 Guest paging mode: AMD64+NX (changed 5 times), A20 enabled (changed 0 times)
00:00:15.934355 Shadow paging mode: Nested
00:00:15.934375 Host paging mode: AMD64+G+NX
00:00:15.934376 !!
00:00:15.934376 !! {cpuid, verbose}
00:00:15.934377 !!
00:00:15.934378 Raw Standard CPUID Leaves
00:00:15.934379 Leaf/sub-leaf eax ebx ecx edx
00:00:15.934380 Gst: 00000000/0000 00000005 68747541 444d4163 69746e65
00:00:15.934381 Hst: 00000005 68747541 444d4163 69746e65
00:00:15.934383 Gst: 00000001/0000 000206a7 00040800 82982203 178bfbff
00:00:15.934385 Hst: 00100f53 03040800 00802009 178bfbff
00:00:15.934386 Gst: 00000002/0000 00000000 00000000 00000000 00000000
00:00:15.934388 Hst: 00000000 00000000 00000000 00000000
00:00:15.934389 Gst: 00000003/0000 00000000 00000000 00000000 00000000
00:00:15.934390 Hst: 00000000 00000000 00000000 00000000
00:00:15.934391 Gst: 00000004/0000 00000000 00000000 00000000 00000000
00:00:15.934392 Hst: 00000000 00000000 00000000 00000000
00:00:15.934393 Gst: 00000005/0000 00000000 00000000 00000003 00000000
00:00:15.934394 Hst: 00000040 00000040 00000003 00000000
00:00:15.934395 Name: AuthenticAMD
00:00:15.934397 Supports: 0x00000000-0x00000005
00:00:15.934398 Family: 6 Extended: 0 Effective: 6
00:00:15.934400 Model: 10 Extended: 2 Effective: 10
00:00:15.934402 Stepping: 7
00:00:15.934403 Type: 0 (primary)
00:00:15.934404 APIC ID: 0x00
00:00:15.934405 Logical CPUs: 4
00:00:15.934406 CLFLUSH Size: 8
00:00:15.934407 Brand ID: 0x00
00:00:15.934408 Features
00:00:15.934408 Mnemonic - Description = guest (host)
00:00:15.934409 FPU - x87 FPU on Chip = 1 (1)
00:00:15.934411 VME - Virtual 8086 Mode Enhancements = 1 (1)
00:00:15.934412 DE - Debugging extensions = 1 (1)
00:00:15.934414 PSE - Page Size Extension = 1 (1)
00:00:15.934415 TSC - Time Stamp Counter = 1 (1)
00:00:15.934417 MSR - Model Specific Registers = 1 (1)
00:00:15.934418 PAE - Physical Address Extension = 1 (1)
00:00:15.934420 MCE - Machine Check Exception = 1 (1)
00:00:15.934421 CX8 - CMPXCHG8B instruction = 1 (1)
00:00:15.934422 APIC - APIC On-Chip = 1 (1)
00:00:15.934424 SEP - SYSENTER and SYSEXIT Present = 1 (1)
00:00:15.934425 MTRR - Memory Type Range Registers = 1 (1)
00:00:15.934426 PGE - PTE Global Bit = 1 (1)
00:00:15.934428 MCA - Machine Check Architecture = 1 (1)
00:00:15.934429 CMOV - Conditional Move instructions = 1 (1)
00:00:15.934431 PAT - Page Attribute Table = 1 (1)
00:00:15.934432 PSE-36 - 36-bit Page Size Extension = 1 (1)
00:00:15.934433 PSN - Processor Serial Number = 0 (0)
00:00:15.934435 CLFSH - CLFLUSH instruction = 1 (1)
00:00:15.934436 DS - Debug Store = 0 (0)
00:00:15.934438 ACPI - Thermal Mon. & Soft. Clock Ctrl. = 0 (0)
00:00:15.934439 MMX - Intel MMX Technology = 1 (1)
00:00:15.934440 FXSR - FXSAVE and FXRSTOR instructions = 1 (1)
00:00:15.934441 SSE - SSE support = 1 (1)
00:00:15.934443 SSE2 - SSE2 support = 1 (1)
00:00:15.934444 SS - Self Snoop = 0 (0)
00:00:15.934446 HTT - Hyper-Threading Technology = 1 (1)
00:00:15.934447 TM - Therm. Monitor = 0 (0)
00:00:15.934449 PBE - Pending Break Enabled = 0 (0)
00:00:15.934450 SSE3 - SSE3 support = 1 (1)
00:00:15.934452 PCLMUL - PCLMULQDQ support (for AES-GCM) = 1 (0)
00:00:15.934453 DTES64 - DS Area 64-bit Layout = 0 (0)
00:00:15.934454 MONITOR - MONITOR/MWAIT instructions = 0 (1)
00:00:15.934455 CPL-DS - CPL Qualified Debug Store = 0 (0)
00:00:15.934457 VMX - Virtual Machine Extensions = 0 (0)
00:00:15.934458 SMX - Safer Mode Extensions = 0 (0)
00:00:15.934460 EST - Enhanced SpeedStep Technology = 0 (0)
00:00:15.934461 TM2 - Terminal Monitor 2 = 0 (0)
00:00:15.934462 SSSE3 - Supplemental Streaming SIMD Extensions 3 = 1 (0)
00:00:15.934463 CNTX-ID - L1 Context ID = 0 (0)
00:00:15.934465 SDBG - Silicon Debug interface = 0 (0)
00:00:15.934466 FMA - Fused Multiply Add extensions = 0 (0)
00:00:15.934468 CX16 - CMPXCHG16B instruction = 1 (1)
00:00:15.934469 TPRUPDATE - xTPR Update Control = 0 (0)
00:00:15.934470 PDCM - Perf/Debug Capability MSR = 0 (0)
00:00:15.934472 PCID - Process Context Identifiers = 0 (0)
00:00:15.934473 DCA - Direct Cache Access = 0 (0)
00:00:15.934474 SSE4_1 - SSE4_1 support = 1 (0)
00:00:15.934476 SSE4_2 - SSE4_2 support = 1 (0)
00:00:15.934477 X2APIC - x2APIC support = 0 (0)
00:00:15.934479 MOVBE - MOVBE instruction = 0 (0)
00:00:15.934480 POPCNT - POPCNT instruction = 1 (1)
00:00:15.934481 TSCDEADL - Time Stamp Counter Deadline = 0 (0)
00:00:15.934483 AES - AES instructions = 1 (0)
00:00:15.934484 XSAVE - XSAVE instruction = 0 (0)
00:00:15.934485 OSXSAVE - OSXSAVE instruction = 0 (0)
00:00:15.934487 AVX - AVX support = 0 (0)
00:00:15.934489 F16C - 16-bit floating point conversion instructions = 0 (0)
00:00:15.934490 RDRAND - RDRAND instruction = 0 (0)
00:00:15.934491 HVP - Hypervisor Present (we're a guest) = 1 (0)
00:00:15.934493 Raw Hypervisor CPUID Leaves
00:00:15.934494 Leaf/sub-leaf eax ebx ecx edx
00:00:15.934495 Gst: 40000000/0000 40000010 786f4256 786f4256 786f4256
00:00:15.934497 Hst: 00000000 00000000 00000000 00000000
00:00:15.934498 Gst: 40000001/0000 656e6f6e 00000000 00000000 00000000
00:00:15.934499 Hst: 00000000 00000000 00000000 00000000
00:00:15.934500 Gst: 40000002/0000 00000000 00000000 00000000 00000000
00:00:15.934502 Hst: 00000000 00000000 00000000 00000000
00:00:15.934503 Gst: 40000003/0000 00000000 00000000 00000000 00000000
00:00:15.934504 Hst: 00000000 00000000 00000000 00000000
00:00:15.934505 Gst: 40000004/0000 00000000 00000000 00000000 00000000
00:00:15.934506 Hst: 00000000 00000000 00000000 00000000
00:00:15.934507 Gst: 40000005/0000 00000000 00000000 00000000 00000000
00:00:15.934508 Hst: 00000000 00000000 00000000 00000000
00:00:15.934509 Gst: 40000006/0000 00000000 00000000 00000000 00000000
00:00:15.934511 Hst: 00000000 00000000 00000000 00000000
00:00:15.934512 Gst: 40000007/0000 00000000 00000000 00000000 00000000
00:00:15.934513 Hst: 00000000 00000000 00000000 00000000
00:00:15.934514 Gst: 40000008/0000 00000000 00000000 00000000 00000000
00:00:15.934515 Hst: 00000000 00000000 00000000 00000000
00:00:15.934516 Gst: 40000009/0000 00000000 00000000 00000000 00000000
00:00:15.934518 Hst: 00000000 00000000 00000000 00000000
00:00:15.934519 Gst: 4000000a/0000 00000000 00000000 00000000 00000000
00:00:15.934520 Hst: 00000000 00000000 00000000 00000000
00:00:15.934521 Gst: 4000000b/0000 00000000 00000000 00000000 00000000
00:00:15.934522 Hst: 00000000 00000000 00000000 00000000
00:00:15.934523 Gst: 4000000c/0000 00000000 00000000 00000000 00000000
00:00:15.934524 Hst: 00000000 00000000 00000000 00000000
00:00:15.934525 Gst: 4000000d/0000 00000000 00000000 00000000 00000000
00:00:15.934527 Hst: 00000000 00000000 00000000 00000000
00:00:15.934528 Gst: 4000000e/0000 00000000 00000000 00000000 00000000
00:00:15.934529 Hst: 00000000 00000000 00000000 00000000
00:00:15.934530 Gst: 4000000f/0000 00000000 00000000 00000000 00000000
00:00:15.934531 Hst: 00000000 00000000 00000000 00000000
00:00:15.934532 Gst: 40000010/0000 002dc747 000f4240 00000000 00000000
00:00:15.934534 Hst: 00000000 00000000 00000000 00000000
00:00:15.934535 Raw Extended CPUID Leaves
00:00:15.934535 Leaf/sub-leaf eax ebx ecx edx
00:00:15.934536 Gst: 80000000/0000 8000001b 68747541 444d4163 69746e65
00:00:15.934538 Hst: 8000001b 68747541 444d4163 69746e65
00:00:15.934540 Gst: 80000001/0000 00100f53 10005286 000001f3 ebd3fb7f
00:00:15.934541 Hst: 00100f53 10005286 000037ff efd3fbff
00:00:15.934543 Gst: 80000002/0000 20444d41 6c687441 74286e6f 4920296d
00:00:15.934545 Hst: 20444d41 6c687441 74286e6f 4920296d
00:00:15.934546 Gst: 80000003/0000 34582049 30343620 6f725020 73736563
00:00:15.934548 Hst: 34582049 30343620 6f725020 73736563
00:00:15.934550 Gst: 80000004/0000 0000726f 00000000 00000000 00000000
00:00:15.934551 Hst: 0000726f 00000000 00000000 00000000
00:00:15.934552 Gst: 80000005/0000 ff30ff10 ff30ff20 40020140 40020140
00:00:15.934554 Hst: ff30ff10 ff30ff20 40020140 40020140
00:00:15.934556 Gst: 80000006/0000 20800000 42004200 02008140 00000000
00:00:15.934558 Hst: 20800000 42004200 02008140 00000000
00:00:15.934559 Gst: 80000007/0000 00000000 00000000 00000000 00000000
00:00:15.934561 Hst: 00000000 00000000 00000000 000001f9
00:00:15.934562 Gst: 80000008/0000 00003030 00000000 00000003 00000000
00:00:15.934563 Hst: 00003030 00000000 00002003 00000000
00:00:15.934564 Gst: 80000009/0000 00000000 00000000 00000000 00000000
00:00:15.934565 Hst: 00000000 00000000 00000000 00000000
00:00:15.934566 Gst: 8000000a/0000 00000000 00000000 00000000 00000000
00:00:15.934568 Hst: 00000001 00000040 00000000 0000000f
00:00:15.934569 Gst: 8000000b/0000 00000000 00000000 00000000 00000000
00:00:15.934570 Hst: 00000000 00000000 00000000 00000000
00:00:15.934571 Gst: 8000000c/0000 00000000 00000000 00000000 00000000
00:00:15.934572 Hst: 00000000 00000000 00000000 00000000
00:00:15.934573 Gst: 8000000d/0000 00000000 00000000 00000000 00000000
00:00:15.934575 Hst: 00000000 00000000 00000000 00000000
00:00:15.934576 Gst: 8000000e/0000 00000000 00000000 00000000 00000000
00:00:15.934577 Hst: 00000000 00000000 00000000 00000000
00:00:15.934578 Gst: 8000000f/0000 00000000 00000000 00000000 00000000
00:00:15.934579 Hst: 00000000 00000000 00000000 00000000
00:00:15.934580 Gst: 80000010/0000 00000000 00000000 00000000 00000000
00:00:15.934582 Hst: 00000000 00000000 00000000 00000000
00:00:15.934583 Gst: 80000011/0000 00000000 00000000 00000000 00000000
00:00:15.934584 Hst: 00000000 00000000 00000000 00000000
00:00:15.934585 Gst: 80000012/0000 00000000 00000000 00000000 00000000
00:00:15.934586 Hst: 00000000 00000000 00000000 00000000
00:00:15.934587 Gst: 80000013/0000 00000000 00000000 00000000 00000000
00:00:15.934588 Hst: 00000000 00000000 00000000 00000000
00:00:15.934589 Gst: 80000014/0000 00000000 00000000 00000000 00000000
00:00:15.934591 Hst: 00000000 00000000 00000000 00000000
00:00:15.934592 Gst: 80000015/0000 00000000 00000000 00000000 00000000
00:00:15.934593 Hst: 00000000 00000000 00000000 00000000
00:00:15.934594 Gst: 80000016/0000 00000000 00000000 00000000 00000000
00:00:15.934595 Hst: 00000000 00000000 00000000 00000000
00:00:15.934596 Gst: 80000017/0000 00000000 00000000 00000000 00000000
00:00:15.934598 Hst: 00000000 00000000 00000000 00000000
00:00:15.934599 Gst: 80000018/0000 00000000 00000000 00000000 00000000
00:00:15.934600 Hst: 00000000 00000000 00000000 00000000
00:00:15.934601 Gst: 80000019/0000 f0300000 60100000 00000000 00000000
00:00:15.934602 Hst: f0300000 60100000 00000000 00000000
00:00:15.934604 Gst: 8000001a/0000 00000003 00000000 00000000 00000000
00:00:15.934605 Hst: 00000003 00000000 00000000 00000000
00:00:15.934606 Gst: 8000001b/0000 00000000 00000000 00000000 00000000
00:00:15.934607 Hst: 0000001f 00000000 00000000 00000000
00:00:15.934608 Ext Name: AuthenticAMD
00:00:15.934609 Ext Supports: 0x80000000-0x8000001b
00:00:15.934610 Family: 15 Extended: 1 Effective: 16
00:00:15.934611 Model: 5 Extended: 0 Effective: 5
00:00:15.934612 Stepping: 3
00:00:15.934613 Brand ID: 0x286
00:00:15.934614 Ext Features
00:00:15.934614 Mnemonic - Description = guest (host)
00:00:15.934615 FPU - x87 FPU on Chip = 1 (1)
00:00:15.934617 VME - Virtual 8086 Mode Enhancements = 1 (1)
00:00:15.934618 DE - Debugging extensions = 1 (1)
00:00:15.934619 PSE - Page Size Extension = 1 (1)
00:00:15.934621 TSC - Time Stamp Counter = 1 (1)
00:00:15.934622 MSR - K86 Model Specific Registers = 1 (1)
00:00:15.934624 PAE - Physical Address Extension = 1 (1)
00:00:15.934625 MCE - Machine Check Exception = 0 (1)
00:00:15.934626 CX8 - CMPXCHG8B instruction = 1 (1)
00:00:15.934628 APIC - APIC On-Chip = 1 (1)
00:00:15.934629 SEP - SYSCALL/SYSRET = 1 (1)
00:00:15.934631 MTRR - Memory Type Range Registers = 1 (1)
00:00:15.934632 PGE - PTE Global Bit = 1 (1)
00:00:15.934633 MCA - Machine Check Architecture = 1 (1)
00:00:15.934635 CMOV - Conditional Move instructions = 1 (1)
00:00:15.934636 PAT - Page Attribute Table = 1 (1)
00:00:15.934637 PSE-36 - 36-bit Page Size Extension = 1 (1)
00:00:15.934639 NX - No-Execute/Execute-Disable = 1 (1)
00:00:15.934640 AXMMX - AMD Extensions to MMX instructions = 1 (1)
00:00:15.934641 MMX - Intel MMX Technology = 1 (1)
00:00:15.934643 FXSR - FXSAVE and FXRSTOR Instructions = 1 (1)
00:00:15.934644 FFXSR - AMD fast FXSAVE and FXRSTOR instructions = 1 (1)
00:00:15.934645 Page1GB - 1 GB large page = 0 (1)
00:00:15.934647 RDTSCP - RDTSCP instruction = 1 (1)
00:00:15.934648 LM - AMD64 Long Mode = 1 (1)
00:00:15.934649 3DNOWEXT - AMD Extensions to 3DNow = 1 (1)
00:00:15.934651 3DNOW - AMD 3DNow = 1 (1)
00:00:15.934652 LahfSahf - LAHF/SAHF support in 64-bit mode = 1 (1)
00:00:15.934653 CmpLegacy - Core multi-processing legacy mode = 1 (1)
00:00:15.934655 SVM - AMD VM extensions = 0 (1)
00:00:15.934656 EXTAPIC - AMD Extended APIC registers = 0 (1)
00:00:15.934657 CR8L - AMD LOCK MOV CR0 means MOV CR8 = 1 (1)
00:00:15.934658 ABM - AMD Advanced Bit Manipulation = 1 (1)
00:00:15.934660 SSE4A - SSE4A instructions = 1 (1)
00:00:15.934661 MISALIGNSSE - AMD Misaligned SSE mode = 1 (1)
00:00:15.934662 3DNOWPRF - AMD PREFETCH and PREFETCHW instructions = 1 (1)
00:00:15.934664 OSVW - AMD OS Visible Workaround = 0 (1)
00:00:15.934665 IBS - Instruct Based Sampling = 0 (1)
00:00:15.934666 XOP - Extended Operation support = 0 (0)
00:00:15.934668 SKINIT - SKINIT, STGI, and DEV support = 0 (1)
00:00:15.934669 WDT - AMD Watchdog Timer support = 0 (1)
00:00:15.934670 LWP - Lightweight Profiling support = 0 (0)
00:00:15.934671 FMA4 - Four operand FMA instruction support = 0 (0)
00:00:15.934673 NodeId - NodeId in MSR C001_100C = 0 (0)
00:00:15.934674 TBM - Trailing Bit Manipulation instructions = 0 (0)
00:00:15.934675 TOPOEXT - Topology Extensions = 0 (0)
00:00:15.934677 Full Name: "AMD Athlon(tm) II X4 640 Processor"
00:00:15.934678 TLB 2/4M Instr/Uni: fully 16 entries
00:00:15.934679 TLB 2/4M Data: fully 48 entries
00:00:15.934680 TLB 4K Instr/Uni: fully 32 entries
00:00:15.934680 TLB 4K Data: fully 48 entries
00:00:15.934682 L1 Instr Cache Line Size: 64 bytes
00:00:15.934682 L1 Instr Cache Lines Per Tag: 1
00:00:15.934683 L1 Instr Cache Associativity: 2 way
00:00:15.934684 L1 Instr Cache Size: 64 KB
00:00:15.934685 L1 Data Cache Line Size: 64 bytes
00:00:15.934685 L1 Data Cache Lines Per Tag: 1
00:00:15.934686 L1 Data Cache Associativity: 2 way
00:00:15.934687 L1 Data Cache Size: 64 KB
00:00:15.934688 L2 TLB 2/4M Instr/Uni: off 0 entries
00:00:15.934688 L2 TLB 2/4M Data: 2 way 128 entries
00:00:15.934690 L2 TLB 4K Instr/Uni: 4 way 512 entries
00:00:15.934690 L2 TLB 4K Data: 4 way 512 entries
00:00:15.934691 L2 Cache Line Size: 0 bytes
00:00:15.934692 L2 Cache Lines Per Tag: 0
00:00:15.934693 L2 Cache Associativity: off
00:00:15.934693 L2 Cache Size: 0 KB
00:00:15.934694 APM Features:
00:00:15.934695 Host Invariant-TSC support: true
00:00:15.934696 Physical Address Width: 48 bits
00:00:15.934697 Virtual Address Width: 48 bits
00:00:15.934697 Guest Physical Address Width: 0 bits
00:00:15.934698 Physical Core Count: 3
00:00:15.934699 !!
00:00:15.934700 !! {handlers, phys virt hyper stats}
00:00:15.934700 !!
00:00:15.934702 Physical handlers: (PhysHandlers=316792 (0x4d578))
00:00:15.934703 From - To (incl) HandlerHC UserHC HandlerGC UserGC Type Description
00:00:15.934707 00000000000a0000 - 00000000000bffff 00007ff8e9f98590 0000000006baaa00 00000000 ff08fa00 MMIO VGA - VGA Video Buffer
00:00:15.934710 00000000000c0000 - 00000000000c8fff 00007ff8e9fb8110 0000000006baabd0 00000000 ff08fbd0 Write VGA BIOS
00:00:15.934713 00000000000e0000 - 00000000000e0fff 00007ff8e9fb8110 0000000006bc0e10 00000000 ff0a5e10 Write ACPI RSDP
00:00:15.934716 00000000000e1000 - 00000000000e1fff 00007ff8e9fb8110 0000000006b5c450 00000000 ff041450 Write DMI tables
00:00:15.934719 0000000080000000 - 0000000087ffffff 00007ff8e7cda3e0 0000000009ab0100 00000000 ffabe100 Write VGA LFB
00:00:15.934722 0000000088400000 - 000000008841ffff 00007ff8e9f98590 0000000006bc1e00 00000000 ff0a6e00 MMIO E1000
00:00:15.934725 0000000088420000 - 000000008843ffff 00007ff8e9f98590 0000000006bc19a0 00000000 ff0a69a0 MMIO E1000 [1]
00:00:15.934728 0000000088444000 - 0000000088445fff 00007ff8e9f98590 0000000006b50560 00000000 ff035560 MMIO AHCI
00:00:15.934731 0000000088446000 - 0000000088446fff 00007ff8e9f98590 0000000006bc2260 00000000 ff0a7260 MMIO USB OHCI
00:00:15.934734 00000000dc000000 - 00000000dfffffff 00007ff8e9f98590 0000000006b5d390 00000000 ff042390 MMIO MCFG ranges
00:00:15.934737 00000000fec00000 - 00000000fec00fff 00007ff8e9f98590 0000000006ba1aa0 00000000 ff086aa0 MMIO I/O APIC Memory
00:00:15.934740 00000000fed00000 - 00000000fed00fff 00007ff8e9f98590 0000000006ba21c0 00000000 ff0871c0 MMIO HPET Memory
00:00:15.934743 00000000fed1c000 - 00000000fed1ffff 00007ff8e9f98590 0000000006bc1660 00000000 ff0a6660 MMIO LPC Memory
00:00:15.934746 00000000fee00000 - 00000000fee00fff 00007ff8e9f98590 0000000006ba0fc0 00000000 ff085fc0 MMIO APIC Memory
00:00:15.934749 00000000fff00000 - 00000000fff3ffff 00007ff8e9fb8110 0000000006b586b0 00000000 ff03d6b0 Write EFI Firmware Volume
00:00:15.934752 00000000fff40000 - 00000000fff7ffff 00007ff8e9fb8110 0000000006b59600 00000000 ff03e600 Write EFI Firmware Volume (Part 2)
00:00:15.934755 00000000fff80000 - 00000000fffbffff 00007ff8e9fb8110 0000000006b5a550 00000000 ff03f550 Write EFI Firmware Volume (Part 3)
00:00:15.934758 00000000fffc0000 - 00000000ffffffff 00007ff8e9fb8110 0000000006b5b4a0 00000000 ff0404a0 Write EFI Firmware Volume (Part 4)
00:00:15.934761 Virtual handlers:
00:00:15.934761 From - To (excl) HandlerHC HandlerGC Type Description
00:00:15.934763 Hypervisor Virtual handlers:
00:00:15.934763 From - To (excl) HandlerHC HandlerGC Type Description
00:00:15.934765 !!
00:00:15.934765 !! {timers, <NULL>}
00:00:15.934766 !!
00:00:15.934769 Timers (pVM=0000000004dd0000)
00:00:15.934770 pTimerR3 offNext offPrev offSched Clock Time Expire HzHint State Description
00:00:15.934774 0000000006bc2ad0 00000000 00000000 00000000 Real 15944899 15935399 0 1-STOPPED EMT Yielder
00:00:15.934778 0000000006bc2a50 00000000 fffe83b0 00000000 Real 15944899 15945388 0 2-ACTIVE CPU Load Timer
00:00:15.934782 0000000006bc18c0 00000000 00000000 00000000 Virt 9372128167 0 0 1-STOPPED USB Device Reset Timer
00:00:15.934785 0000000006bc1840 00000000 00000000 00000000 Virt 9372131579 0 0 1-STOPPED USB Device Reset Timer
00:00:15.934789 0000000006bc13e0 00000000 fffe18b0 00000000 VrSy 9372134765 599932015941 0 2-ACTIVE ACPI PM Timer
00:00:15.934792 0000000006bbf7b0 00000000 00000000 00000000 Virt 9372138921 0 0 1-STOPPED USB Frame Timer
00:00:15.934795 0000000006bbdac0 00000000 00000000 00000000 Virt 9372142050 0 0 1-STOPPED E1000 Link Up Timer [1]
00:00:15.934798 0000000006bbda40 00000000 00000000 00000000 Virt 9372145162 0 0 1-STOPPED E1000 Late Interrupt Timer [1]
00:00:15.934801 0000000006bb8150 00000000 00000000 00000000 Virt 9372148166 0 0 1-STOPPED E1000 Link Up Timer
00:00:15.934804 0000000006bb80d0 00000000 00000000 00000000 Virt 9372151265 0 0 1-STOPPED E1000 Late Interrupt Timer
00:00:15.934807 0000000006bb18a0 00000000 00000000 00000000 Virt 9372154175 0 0 1-STOPPED AHCI CCC Timer
00:00:15.934810 0000000006baae00 00017c50 00000000 00000000 Real 15944899 15944913 0 2-ACTIVE VGA Refresh Timer
00:00:15.934813 0000000006baa1f0 00000000 00000000 00000000 Virt 9372160262 0 0 1-STOPPED HB Check Timer
00:00:15.934816 0000000006ba2d10 00000000 00000000 00000000 VrSy 9372163180 8990244140 0 1-STOPPED MC146818 RTC/CMOS - Second2
00:00:15.934820 0000000006ba2c90 0001e750 fffffa20 00000000 VrSy 9372166519 9990000000 0 2-ACTIVE MC146818 RTC/CMOS - Second
00:00:15.934823 0000000006ba2c10 00000000 00000000 00000000 VrSy 9372169963 0 0 1-STOPPED MC146818 RTC/CMOS - Periodic
00:00:15.934826 0000000006ba26b0 000005e0 00000000 00000000 VrSy 9372172937 9375482733 99 2-ACTIVE i8254 Programmable Interval Timer
00:00:15.934830 0000000006ba2140 00000000 00000000 00000000 VrSy 9372176305 0 0 1-STOPPED HPET Timer
00:00:15.934832 0000000006ba20c0 00000000 00000000 00000000 VrSy 9372179231 0 0 1-STOPPED HPET Timer
00:00:15.934835 0000000006ba2040 00000000 00000000 00000000 VrSy 9372182144 0 0 1-STOPPED HPET Timer
00:00:15.934838 0000000006ba1fc0 00000000 00000000 00000000 VrSy 9372185106 0 0 1-STOPPED HPET Timer
00:00:15.934841 0000000006ba12f0 00000000 00000000 00000000 VrSy 9372188012 0 0 1-STOPPED APIC Timer #3
00:00:15.934844 0000000006ba1270 00000000 00000000 00000000 VrSy 9372191064 0 0 1-STOPPED APIC Timer #2
00:00:15.934847 0000000006ba11f0 00000000 00000000 00000000 VrSy 9372193917 0 0 1-STOPPED APIC Timer #1
00:00:15.934850 0000000006ba1170 00000000 00000000 00000000 VrSy 9372196732 0 0 1-STOPPED APIC Timer #0
00:00:15.934853 0000000006b9f410 00000000 00000000 00000000 Virt 9372199639 0 0 1-STOPPED PS2M Delay Timer
00:00:15.934856 0000000006b9f390 00000000 00000000 00000000 Real 15944899 0 0 1-STOPPED PS2M Throttle Timer
00:00:15.934859 0000000006b9f310 00000000 00000000 00000000 Virt 9372205702 1398236680 0 1-STOPPED PS2K Delay Timer
00:00:15.934862 0000000006b9f290 00000000 00000000 00000000 Real 15944899 0 0 1-STOPPED PS2K Typematic Timer
00:00:15.934865 0000000006b57d90 00000000 00000000 00000000 Real 15944899 0 0 1-STOPPED BlkCache-Commit
00:00:15.934871 !!
00:00:15.934871 !! {activetimers, <NULL>}
00:00:15.934872 !!
00:00:15.934876 Active Timers (pVM=0000000004dd0000)
00:00:15.934877 pTimerR3 offNext offPrev offSched Clock Time Expire HzHint State Description
00:00:15.934879 0000000006baae00 00017c50 00000000 00000000 Real 15944899 15944913 0 2-ACTIVE VGA Refresh Timer
00:00:15.934882 0000000006bc2a50 00000000 fffe83b0 00000000 Real 15944899 15945388 0 2-ACTIVE CPU Load Timer
00:00:15.934886 0000000006ba26b0 000005e0 00000000 00000000 VrSy 9372232361 9375482733 99 2-ACTIVE i8254 Programmable Interval Timer
00:00:15.934889 0000000006ba2c90 0001e750 fffffa20 00000000 VrSy 9372235592 9990000000 0 2-ACTIVE MC146818 RTC/CMOS - Second
00:00:15.934892 0000000006bc13e0 00000000 fffe18b0 00000000 VrSy 9372238918 599932015941 0 2-ACTIVE ACPI PM Timer
00:00:15.934898 !!
00:00:15.934898 !! {ahci0}
00:00:15.934898 !!
00:00:15.934900 ahci#0: mmio=0000000088444000 ports=2 GC=true R0=true
00:00:15.934902 HbaCap=0xc8241f81
00:00:15.934903 HbaCtrl=0x80000000
00:00:15.934903 HbaIs=0x0
00:00:15.934904 HbaPi=0x3HbaVs=0x10100
00:00:15.934905 HbaCccCtl=0x0
00:00:15.934906 HbaCccPorts=0x0
00:00:15.934906 PortsInterrupted=0x0
00:00:15.934907 Port 0: async=true device-attached=true
00:00:15.934908 PortClb=0x7eb5d000
00:00:15.934909 PortClbU=0x0
00:00:15.934909 PortFb=0x7eb5e000
00:00:15.934910 PortFbU=0x0
00:00:15.934911 PortIs=0x1
00:00:15.934911 PortIe=0x0
00:00:15.934912 PortCmd=0x150006
00:00:15.934913 PortTfd=0x50
00:00:15.934913 PortSig=0x101
00:00:15.934914 PortSSts=0x123
00:00:15.934915 PortSCtl=0x300
00:00:15.934915 PortSErr=0x0
00:00:15.934916 PortSAct=0x0
00:00:15.934916 PortCi=0x0
00:00:15.934917 PortPhysClb=000000007eb5d000
00:00:15.934918 PortPhysFb=000000007eb5e000
00:00:15.934919 PortActTasksActive=0
00:00:15.934919 PortPoweredOn=true
00:00:15.934920 PortSpunUp=true
00:00:15.934921 PortFirstD2HFisSend=true
00:00:15.934922 PortATAPI=false
00:00:15.934922 PortTasksFinished=0x1
00:00:15.934923 PortQueuedTasksFinished=0x1
00:00:15.934924 PortTasksNew=0x0
00:00:15.934924
00:00:15.934925 Port 1: async=false device-attached=true
00:00:15.934926 PortClb=0x7eb5d000
00:00:15.934927 PortClbU=0x0
00:00:15.934927 PortFb=0x7eb5e100
00:00:15.934928 PortFbU=0x0
00:00:15.934929 PortIs=0x1
00:00:15.934929 PortIe=0x0
00:00:15.934930 PortCmd=0x3150006
00:00:15.934931 PortTfd=0x50
00:00:15.934931 PortSig=0xeb140101
00:00:15.934932 PortSSts=0x123
00:00:15.934933 PortSCtl=0x300
00:00:15.934933 PortSErr=0x0
00:00:15.934934 PortSAct=0x0
00:00:15.934934 PortCi=0x0
00:00:15.934935 PortPhysClb=000000007eb5d000
00:00:15.934936 PortPhysFb=000000007eb5e100
00:00:15.934937 PortActTasksActive=0
00:00:15.934937 PortPoweredOn=true
00:00:15.934938 PortSpunUp=true
00:00:15.934939 PortFirstD2HFisSend=true
00:00:15.934939 PortATAPI=true
00:00:15.934940 PortTasksFinished=0x1
00:00:15.934941 PortQueuedTasksFinished=0x1
00:00:15.934941 PortTasksNew=0x0
00:00:15.934942
00:00:15.934943 !!
00:00:15.934943 !! {apic}
00:00:15.934944 !!
00:00:15.934945 Local APIC at fee00900:
00:00:15.934947 LAPIC ID : 00000000
00:00:15.934947 APIC ID = 00
00:00:15.934948 APIC VER : 00050014
00:00:15.934949 version = 14
00:00:15.934950 lvts = 6
00:00:15.934950 TPR : 00000000
00:00:15.934951 task pri = 0/0
00:00:15.934952 PPR : 00000000
00:00:15.934953 cpu pri = 0/0
00:00:15.934954 LDR : 00000000
00:00:15.934955 log id = 00
00:00:15.934955 DFR : 0fffffff
00:00:15.934956 SVR : 000000ff
00:00:15.934957 focus = check on
00:00:15.934958 lapic = DISABLED
00:00:15.934958 vector = ff
00:00:15.934959 ISR : 0000000000000000000000000000000000000000000000000000000000000000
00:00:15.934986 pending = none
00:00:15.934987 IRR : 0000000000000000000000000000000000000000000000000000000000000000
00:00:15.934990 pending = none
00:00:15.934991 !!
00:00:15.934991 !! {cfgm}
00:00:15.934992 !!
00:00:15.934993 pRoot=0000000004a3b150:{/}
00:00:15.934994 [/] (level 0)
00:00:15.934997 CSAMEnabled <integer> = 0x0000000000000001 (1)
00:00:15.934999 CpuExecutionCap <integer> = 0x0000000000000064 (100)
00:00:15.935000 EnablePAE <integer> = 0x0000000000000001 (1)
00:00:15.935002 HMEnabled <integer> = 0x0000000000000001 (1)
00:00:15.935003 MemBalloonSize <integer> = 0x0000000000000000 (0)
00:00:15.935004 Name <string> = "osx_default_1438532316607_51095" (cb=32)
00:00:15.935006 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:15.935007 PATMEnabled <integer> = 0x0000000000000001 (1)
00:00:15.935008 PageFusionAllowed <integer> = 0x0000000000000000 (0)
00:00:15.935009 RamHoleSize <integer> = 0x0000000024000000 (603 979 776, 576 MB)
00:00:15.935011 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:15.935013 RawR0Enabled <integer> = 0x0000000000000001 (1)
00:00:15.935015 RawR3Enabled <integer> = 0x0000000000000001 (1)
00:00:15.935016 TimerMillies <integer> = 0x000000000000000a (10)
00:00:15.935017 UUID <bytes> = "ca 6e e9 70 97 d5 52 47 83 b5 4d 83 ff 86 cf 89" (cb=16)
00:00:15.935021
00:00:15.935021 [/CPUM/] (level 1)
00:00:15.935023 MWaitExtensions <integer> = 0x0000000000000001 (1)
00:00:15.935024 MaxIntelFamilyModelStep <integer> = 0x0000000000061701 (399 105)
00:00:15.935025 PortableCpuIdLevel <integer> = 0x0000000000000000 (0)
00:00:15.935026
00:00:15.935027 [/CPUM/HostCPUID/] (level 2)
00:00:15.935028
00:00:15.935029 [/CPUM/HostCPUID/1/] (level 3)
00:00:15.935031 eax <integer> = 0x00000000000206a7 (132 775)
00:00:15.935032 ebx <integer> = 0x0000000002100800 (34 605 056)
00:00:15.935033 ecx <integer> = 0x000000001fbae3bf (532 341 695)
00:00:15.935036 edx <integer> = 0x00000000bfebfbff (3 219 913 727)
00:00:15.935037
00:00:15.935038 [/DBGF/] (level 1)
00:00:15.935039 Path <string> = "D:\driver\virtualBox\osx_default_1438532316607_51095/debug/;D:\driver\virtualBox\osx_default_1438532316607_51095/;C:\Users\fox/" (cb=128)
00:00:15.935041
00:00:15.935041 [/Devices/] (level 1)
00:00:15.935043
00:00:15.935043 [/Devices/8237A/] (level 2)
00:00:15.935044
00:00:15.935045 [/Devices/8237A/0/] (level 3)
00:00:15.935046 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935047
00:00:15.935048 [/Devices/8237A/0/Config/] (level 4) (restricted root)
00:00:15.935050
00:00:15.935050 [/Devices/GIMDev/] (level 2)
00:00:15.935052
00:00:15.935052 [/Devices/GIMDev/0/] (level 3)
00:00:15.935054 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935055
00:00:15.935055 [/Devices/GIMDev/0/Config/] (level 4) (restricted root)
00:00:15.935057
00:00:15.935057 [/Devices/VMMDev/] (level 2)
00:00:15.935059
00:00:15.935059 [/Devices/VMMDev/0/] (level 3)
00:00:15.935061 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935062 PCIDeviceNo <integer> = 0x0000000000000004 (4)
00:00:15.935063 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935064 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935065
00:00:15.935066 [/Devices/VMMDev/0/Config/] (level 4) (restricted root)
00:00:15.935068 GuestCoreDumpDir <string> = "D:\driver\virtualBox\osx_default_1438532316607_51095\Snapshots" (cb=63)
00:00:15.935069 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:15.935071
00:00:15.935072 [/Devices/VMMDev/0/LUN#0/] (level 4)
00:00:15.935073 Driver <string> = "HGCM" (cb=5)
00:00:15.935074
00:00:15.935075 [/Devices/VMMDev/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935076 Object <integer> = 0x0000000004a0f290 (77 656 720)
00:00:15.935078
00:00:15.935078 [/Devices/VMMDev/0/LUN#999/] (level 4)
00:00:15.935080 Driver <string> = "MainStatus" (cb=11)
00:00:15.935081
00:00:15.935081 [/Devices/VMMDev/0/LUN#999/Config/] (level 5) (restricted root)
00:00:15.935083 First <integer> = 0x0000000000000000 (0)
00:00:15.935085 Last <integer> = 0x0000000000000000 (0)
00:00:15.935086 papLeds <integer> = 0x0000000003e4d830 (65 329 200)
00:00:15.935087
00:00:15.935088 [/Devices/acpi/] (level 2)
00:00:15.935220
00:00:15.935222 [/Devices/acpi/0/] (level 3)
00:00:15.935223 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935225 PCIDeviceNo <integer> = 0x0000000000000007 (7)
00:00:15.935226 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935227 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935228
00:00:15.935228 [/Devices/acpi/0/Config/] (level 4) (restricted root)
00:00:15.935231 CpuHotPlug <integer> = 0x0000000000000000 (0)
00:00:15.935233 FdcEnabled <integer> = 0x0000000000000000 (0)
00:00:15.935234 HostBusPciAddress <integer> = 0x00000000001e0000 (1 966 080)
00:00:15.935235 HpetEnabled <integer> = 0x0000000000000001 (1)
00:00:15.935236 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:15.935237 IocPciAddress <integer> = 0x00000000001f0000 (2 031 616)
00:00:15.935239 McfgBase <integer> = 0x00000000dc000000 (3 690 987 520)
00:00:15.935240 McfgLength <integer> = 0x0000000004000000 (67 108 864)
00:00:15.935242 NicPciAddress <integer> = 0x0000000000110000 (1 114 112)
00:00:15.935243 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:15.935244 RamHoleSize <integer> = 0x0000000024000000 (603 979 776, 576 MB)
00:00:15.935246 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:15.935248 Serial0IoPortBase <integer> = 0x0000000000000000 (0)
00:00:15.935249 Serial0Irq <integer> = 0x0000000000000000 (0)
00:00:15.935250 Serial1IoPortBase <integer> = 0x0000000000000000 (0)
00:00:15.935251 Serial1Irq <integer> = 0x0000000000000000 (0)
00:00:15.935252 ShowCpu <integer> = 0x0000000000000001 (1)
00:00:15.935253 ShowRtc <integer> = 0x0000000000000001 (1)
00:00:15.935254 SmcEnabled <integer> = 0x0000000000000001 (1)
00:00:15.935255
00:00:15.935256 [/Devices/acpi/0/LUN#0/] (level 4)
00:00:15.935258 Driver <string> = "ACPIHost" (cb=9)
00:00:15.935259
00:00:15.935259 [/Devices/acpi/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935261
00:00:15.935262 [/Devices/acpi/0/LUN#1/] (level 4)
00:00:15.935263 Driver <string> = "ACPICpu" (cb=8)
00:00:15.935264
00:00:15.935265 [/Devices/acpi/0/LUN#1/Config/] (level 5)
00:00:15.935266
00:00:15.935267 [/Devices/acpi/0/LUN#2/] (level 4)
00:00:15.935268 Driver <string> = "ACPICpu" (cb=8)
00:00:15.935269
00:00:15.935270 [/Devices/acpi/0/LUN#2/Config/] (level 5)
00:00:15.935271
00:00:15.935272 [/Devices/acpi/0/LUN#3/] (level 4)
00:00:15.935274 Driver <string> = "ACPICpu" (cb=8)
00:00:15.935274
00:00:15.935275 [/Devices/acpi/0/LUN#3/Config/] (level 5)
00:00:15.935277
00:00:15.935277 [/Devices/ahci/] (level 2)
00:00:15.935278
00:00:15.935279 [/Devices/ahci/0/] (level 3)
00:00:15.935281 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935282 PCIDeviceNo <integer> = 0x000000000000001f (31)
00:00:15.935283 PCIFunctionNo <integer> = 0x0000000000000002 (2)
00:00:15.935284 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935285
00:00:15.935286 [/Devices/ahci/0/Config/] (level 4) (restricted root)
00:00:15.935288 Bootable <integer> = 0x0000000000000001 (1)
00:00:15.935289 PortCount <integer> = 0x0000000000000002 (2)
00:00:15.935290
00:00:15.935290 [/Devices/ahci/0/Config/Port0/] (level 5)
00:00:15.935292 NonRotationalMedium <integer> = 0x0000000000000000 (0)
00:00:15.935293
00:00:15.935294 [/Devices/ahci/0/Config/Port1/] (level 5)
00:00:15.935295 NonRotationalMedium <integer> = 0x0000000000000000 (0)
00:00:15.935296
00:00:15.935297 [/Devices/ahci/0/LUN#0/] (level 4)
00:00:15.935299 Driver <string> = "Block" (cb=6)
00:00:15.935300
00:00:15.935300 [/Devices/ahci/0/LUN#0/AttachedDriver/] (level 5)
00:00:15.935302 Driver <string> = "VD" (cb=3)
00:00:15.935303
00:00:15.935304 [/Devices/ahci/0/LUN#0/AttachedDriver/Config/] (level 6) (restricted root)
00:00:15.935306 BlockCache <integer> = 0x0000000000000001 (1)
00:00:15.935307 Format <string> = "VMDK" (cb=5)
00:00:15.935308 Path <string> = "D:\driver\virtualBox\osx_default_1438532316607_51095\box-disk1.vmdk" (cb=68)
00:00:15.935310 Type <string> = "HardDisk" (cb=9)
00:00:15.935311 UseNewIo <integer> = 0x0000000000000001 (1)
00:00:15.935312
00:00:15.935312 [/Devices/ahci/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935314 Mountable <integer> = 0x0000000000000000 (0)
00:00:15.935315 Type <string> = "HardDisk" (cb=9)
00:00:15.935316
00:00:15.935317 [/Devices/ahci/0/LUN#1/] (level 4)
00:00:15.935319 Driver <string> = "Block" (cb=6)
00:00:15.935319
00:00:15.935320 [/Devices/ahci/0/LUN#1/Config/] (level 5) (restricted root)
00:00:15.935322 Mountable <integer> = 0x0000000000000001 (1)
00:00:15.935323 Type <string> = "DVD" (cb=4)
00:00:15.935324
00:00:15.935325 [/Devices/ahci/0/LUN#999/] (level 4)
00:00:15.935326 Driver <string> = "MainStatus" (cb=11)
00:00:15.935327
00:00:15.935328 [/Devices/ahci/0/LUN#999/Config/] (level 5) (restricted root)
00:00:15.935330 DeviceInstance <string> = "ahci/0" (cb=7)
00:00:15.935331 First <integer> = 0x0000000000000000 (0)
00:00:15.935332 Last <integer> = 0x0000000000000001 (1)
00:00:15.935333 pConsole <integer> = 0x0000000003e4d1b0 (65 327 536)
00:00:15.935335 papLeds <integer> = 0x0000000003e4d520 (65 328 416)
00:00:15.935337 pmapMediumAttachments <integer> = 0x0000000003e4d850 (65 329 232)
00:00:15.935338
00:00:15.935339 [/Devices/apic/] (level 2)
00:00:15.935340
00:00:15.935340 [/Devices/apic/0/] (level 3)
00:00:15.935342 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935343
00:00:15.935344 [/Devices/apic/0/Config/] (level 4) (restricted root)
00:00:15.935345 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:15.935346 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:15.935347
00:00:15.935348 [/Devices/e1000/] (level 2)
00:00:15.935349
00:00:15.935350 [/Devices/e1000/0/] (level 3)
00:00:15.935351 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935352 PCIDeviceNo <integer> = 0x0000000000000011 (17)
00:00:15.935353 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935354 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935356
00:00:15.935356 [/Devices/e1000/0/Config/] (level 4) (restricted root)
00:00:15.935358 AdapterType <integer> = 0x0000000000000002 (2)
00:00:15.935359 CableConnected <integer> = 0x0000000000000001 (1)
00:00:15.935360 LineSpeed <integer> = 0x0000000000000000 (0)
00:00:15.935361 MAC <bytes> = "08 00 27 9b c9 65" (cb=6)
00:00:15.935364
00:00:15.935364 [/Devices/e1000/0/LUN#0/] (level 4)
00:00:15.935366 Driver <string> = "NAT" (cb=4)
00:00:15.935367
00:00:15.935367 [/Devices/e1000/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935370 AliasMode <integer> = 0x0000000000000000 (0)
00:00:15.935371 BootFile <string> = "osx_default_1438532316607_51095.pxe" (cb=36)
00:00:15.935372 DNSProxy <integer> = 0x0000000000000001 (1)
00:00:15.935373 Network <string> = "10.0.2.0/24" (cb=12)
00:00:15.935374 PassDomain <integer> = 0x0000000000000001 (1)
00:00:15.935375 TFTPPrefix <string> = "C:\Users\fox/.VirtualBox\TFTP" (cb=30)
00:00:15.935376 UseHostResolver <integer> = 0x0000000000000000 (0)
00:00:15.935377
00:00:15.935378 [/Devices/e1000/0/LUN#0/Config/ssh/] (level 6)
00:00:15.935380 BindIP <string> = "127.0.0.1" (cb=10)
00:00:15.935381 GuestPort <integer> = 0x0000000000000016 (22)
00:00:15.935382 HostPort <integer> = 0x00000000000008ae (2 222)
00:00:15.935383 Protocol <string> = "TCP" (cb=4)
00:00:15.935384
00:00:15.935385 [/Devices/e1000/0/LUN#999/] (level 4)
00:00:15.935387 Driver <string> = "MainStatus" (cb=11)
00:00:15.935388
00:00:15.935388 [/Devices/e1000/0/LUN#999/Config/] (level 5) (restricted root)
00:00:15.935390 First <integer> = 0x0000000000000000 (0)
00:00:15.935391 Last <integer> = 0x0000000000000000 (0)
00:00:15.935393 papLeds <integer> = 0x0000000003e4d710 (65 328 912)
00:00:15.935394
00:00:15.935394 [/Devices/e1000/1/] (level 3)
00:00:15.935396 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935397 PCIDeviceNo <integer> = 0x0000000000000008 (8)
00:00:15.935398 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935399 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935400
00:00:15.935401 [/Devices/e1000/1/Config/] (level 4) (restricted root)
00:00:15.935403 AdapterType <integer> = 0x0000000000000002 (2)
00:00:15.935404 CableConnected <integer> = 0x0000000000000001 (1)
00:00:15.935405 LineSpeed <integer> = 0x0000000000000000 (0)
00:00:15.935406 MAC <bytes> = "08 00 27 79 95 e8" (cb=6)
00:00:15.935408
00:00:15.935408 [/Devices/e1000/1/LUN#0/] (level 4)
00:00:15.935410 Driver <string> = "IntNet" (cb=7)
00:00:15.935411
00:00:15.935411 [/Devices/e1000/1/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935413 IfPolicyPromisc <string> = "deny" (cb=5)
00:00:15.935415 IgnoreConnectFailure <integer> = 0x0000000000000000 (0)
00:00:15.935416 Network <string> = "HostInterfaceNetworking-Realtek PCIe GBE Family Controller" (cb=59)
00:00:15.935417 Trunk <string> = "\DEVICE\{C256ECC9-6C48-400F-9EC2-E932652B3C05}" (cb=47)
00:00:15.935419 TrunkType <integer> = 0x0000000000000003 (3)
00:00:15.935420
00:00:15.935420 [/Devices/e1000/1/LUN#999/] (level 4)
00:00:15.935422 Driver <string> = "MainStatus" (cb=11)
00:00:15.935423
00:00:15.935423 [/Devices/e1000/1/LUN#999/Config/] (level 5) (restricted root)
00:00:15.935425 First <integer> = 0x0000000000000000 (0)
00:00:15.935426 Last <integer> = 0x0000000000000000 (0)
00:00:15.935427 papLeds <integer> = 0x0000000003e4d718 (65 328 920)
00:00:15.935429
00:00:15.935429 [/Devices/efi/] (level 2)
00:00:15.935431
00:00:15.935431 [/Devices/efi/0/] (level 3)
00:00:15.935433 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935434
00:00:15.935434 [/Devices/efi/0/Config/] (level 4) (restricted root)
00:00:15.935437 64BitEntry <integer> = 0x0000000000000001 (1)
00:00:15.935438 BootArgs <string> = "" (cb=1)
00:00:15.935439 DeviceProps <string> = "" (cb=1)
00:00:15.935440 DmiExposeMemoryTable <integer> = 0x0000000000000001 (1)
00:00:15.935441 DmiUseHostInfo <integer> = 0x0000000000000001 (1)
00:00:15.935443 EfiRom <string> = "C:\Program Files\Oracle\VirtualBox\VBoxEFI64.fd" (cb=48)
00:00:15.935444 GopMode <integer> = 0x00000000ffffffff (4 294 967 295)
00:00:15.935446 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:15.935447 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:15.935448 RamHoleSize <integer> = 0x0000000024000000 (603 979 776, 576 MB)
00:00:15.935450 RamSize <integer> = 0x0000000080000000 (2 147 483 648, 2 048 MB)
00:00:15.935452 UUID <bytes> = "ca 6e e9 70 97 d5 52 47 83 b5 4d 83 ff 86 cf 89" (cb=16)
00:00:15.935455 UgaHorizontalResolution <integer> = 0x0000000000000000 (0)
00:00:15.935457 UgaVerticalResolution <integer> = 0x0000000000000000 (0)
00:00:15.935458
00:00:15.935458 [/Devices/efi/0/LUN#0/] (level 4)
00:00:15.935460 Driver <string> = "NvramStorage" (cb=13)
00:00:15.935461
00:00:15.935461 [/Devices/efi/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935463 Object <integer> = 0x0000000003e41390 (65 278 864)
00:00:15.935464
00:00:15.935465 [/Devices/hpet/] (level 2)
00:00:15.935466
00:00:15.935467 [/Devices/hpet/0/] (level 3)
00:00:15.935468 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935469
00:00:15.935470 [/Devices/hpet/0/Config/] (level 4) (restricted root)
00:00:15.935471 ICH9 <integer> = 0x0000000000000001 (1)
00:00:15.935473
00:00:15.935473 [/Devices/i8254/] (level 2)
00:00:15.935474
00:00:15.935475 [/Devices/i8254/0/] (level 3)
00:00:15.935476
00:00:15.935477 [/Devices/i8254/0/Config/] (level 4) (restricted root)
00:00:15.935478
00:00:15.935479 [/Devices/i8259/] (level 2)
00:00:15.935480
00:00:15.935480 [/Devices/i8259/0/] (level 3)
00:00:15.935482 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935483
00:00:15.935483 [/Devices/i8259/0/Config/] (level 4) (restricted root)
00:00:15.935485
00:00:15.935485 [/Devices/ich9pci/] (level 2)
00:00:15.935486
00:00:15.935487 [/Devices/ich9pci/0/] (level 3)
00:00:15.935488 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935489
00:00:15.935490 [/Devices/ich9pci/0/Config/] (level 4) (restricted root)
00:00:15.935491 IOAPIC <integer> = 0x0000000000000001 (1)
00:00:15.935493 McfgBase <integer> = 0x00000000dc000000 (3 690 987 520)
00:00:15.935494 McfgLength <integer> = 0x0000000004000000 (67 108 864)
00:00:15.935496
00:00:15.935496 [/Devices/ich9pcibridge/] (level 2)
00:00:15.935498
00:00:15.935498 [/Devices/ich9pcibridge/0/] (level 3)
00:00:15.935500 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935501 PCIDeviceNo <integer> = 0x0000000000000018 (24)
00:00:15.935502 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935503 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935504
00:00:15.935505 [/Devices/ich9pcibridge/0/Config/] (level 4) (restricted root)
00:00:15.935506
00:00:15.935507 [/Devices/ich9pcibridge/1/] (level 3)
00:00:15.935509 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935510 PCIDeviceNo <integer> = 0x0000000000000019 (25)
00:00:15.935511 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935512 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935513
00:00:15.935513 [/Devices/ich9pcibridge/1/Config/] (level 4) (restricted root)
00:00:15.935515
00:00:15.935516 [/Devices/ioapic/] (level 2)
00:00:15.935517
00:00:15.935517 [/Devices/ioapic/0/] (level 3)
00:00:15.935519 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935520
00:00:15.935520 [/Devices/ioapic/0/Config/] (level 4) (restricted root)
00:00:15.935522 NumCPUs <integer> = 0x0000000000000004 (4)
00:00:15.935523
00:00:15.935524 [/Devices/lpc/] (level 2)
00:00:15.935525
00:00:15.935525 [/Devices/lpc/0/] (level 3)
00:00:15.935527 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935528 PCIDeviceNo <integer> = 0x000000000000001f (31)
00:00:15.935529 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935530 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935531
00:00:15.935532 [/Devices/lpc/0/Config/] (level 4) (restricted root)
00:00:15.935533
00:00:15.935534 [/Devices/mc146818/] (level 2)
00:00:15.935535
00:00:15.935536 [/Devices/mc146818/0/] (level 3)
00:00:15.935537
00:00:15.935538 [/Devices/mc146818/0/Config/] (level 4) (restricted root)
00:00:15.935539 UseUTC <integer> = 0x0000000000000001 (1)
00:00:15.935540
00:00:15.935541 [/Devices/parallel/] (level 2)
00:00:15.935542
00:00:15.935543 [/Devices/pcarch/] (level 2)
00:00:15.935544
00:00:15.935544 [/Devices/pcarch/0/] (level 3)
00:00:15.935546 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935547
00:00:15.935547 [/Devices/pcarch/0/Config/] (level 4) (restricted root)
00:00:15.935549
00:00:15.935549 [/Devices/pckbd/] (level 2)
00:00:15.935551
00:00:15.935551 [/Devices/pckbd/0/] (level 3)
00:00:15.935552 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935554
00:00:15.935554 [/Devices/pckbd/0/Config/] (level 4) (restricted root)
00:00:15.935556
00:00:15.935556 [/Devices/pckbd/0/LUN#0/] (level 4)
00:00:15.935558 Driver <string> = "KeyboardQueue" (cb=14)
00:00:15.935559
00:00:15.935559 [/Devices/pckbd/0/LUN#0/AttachedDriver/] (level 5)
00:00:15.935561 Driver <string> = "MainKeyboard" (cb=13)
00:00:15.935562
00:00:15.935562 [/Devices/pckbd/0/LUN#0/AttachedDriver/Config/] (level 6) (restricted root)
00:00:15.935564 Object <integer> = 0x0000000003d69510 (64 394 512)
00:00:15.935566
00:00:15.935566 [/Devices/pckbd/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935568 QueueSize <integer> = 0x0000000000000040 (64)
00:00:15.935569
00:00:15.935570 [/Devices/pckbd/0/LUN#1/] (level 4)
00:00:15.935572 Driver <string> = "MouseQueue" (cb=11)
00:00:15.935573
00:00:15.935573 [/Devices/pckbd/0/LUN#1/AttachedDriver/] (level 5)
00:00:15.935575 Driver <string> = "MainMouse" (cb=10)
00:00:15.935576
00:00:15.935576 [/Devices/pckbd/0/LUN#1/AttachedDriver/Config/] (level 6) (restricted root)
00:00:15.935578 Object <integer> = 0x0000000003e43eb0 (65 289 904)
00:00:15.935580
00:00:15.935580 [/Devices/pckbd/0/LUN#1/Config/] (level 5) (restricted root)
00:00:15.935582 QueueSize <integer> = 0x0000000000000080 (128)
00:00:15.935583
00:00:15.935584 [/Devices/pcnet/] (level 2)
00:00:15.935585
00:00:15.935585 [/Devices/serial/] (level 2)
00:00:15.935587
00:00:15.935587 [/Devices/smc/] (level 2)
00:00:15.935588
00:00:15.935589 [/Devices/smc/0/] (level 3)
00:00:15.935590 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935591
00:00:15.935592 [/Devices/smc/0/Config/] (level 4) (restricted root)
00:00:15.935593 DeviceKey <string> = "" (cb=1)
00:00:15.935594 GetKeyFromRealSMC <integer> = 0x0000000000000000 (0)
00:00:15.935596
00:00:15.935596 [/Devices/usb-ohci/] (level 2)
00:00:15.935597
00:00:15.935598 [/Devices/usb-ohci/0/] (level 3)
00:00:15.935599 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935601 PCIDeviceNo <integer> = 0x000000000000001f (31)
00:00:15.935602 PCIFunctionNo <integer> = 0x0000000000000004 (4)
00:00:15.935603 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935604
00:00:15.935604 [/Devices/usb-ohci/0/Config/] (level 4) (restricted root)
00:00:15.935606
00:00:15.935606 [/Devices/usb-ohci/0/LUN#0/] (level 4)
00:00:15.935608 Driver <string> = "VUSBRootHub" (cb=12)
00:00:15.935609
00:00:15.935609 [/Devices/usb-ohci/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935611
00:00:15.935612 [/Devices/usb-ohci/0/LUN#999/] (level 4)
00:00:15.935613 Driver <string> = "MainStatus" (cb=11)
00:00:15.935615
00:00:15.935615 [/Devices/usb-ohci/0/LUN#999/Config/] (level 5) (restricted root)
00:00:15.935617 First <integer> = 0x0000000000000000 (0)
00:00:15.935618 Last <integer> = 0x0000000000000000 (0)
00:00:15.935619 papLeds <integer> = 0x0000000003e4d838 (65 329 208)
00:00:15.935620
00:00:15.935621 [/Devices/vga/] (level 2)
00:00:15.935622
00:00:15.935623 [/Devices/vga/0/] (level 3)
00:00:15.935624 PCIBusNo <integer> = 0x0000000000000000 (0)
00:00:15.935625 PCIDeviceNo <integer> = 0x0000000000000002 (2)
00:00:15.935626 PCIFunctionNo <integer> = 0x0000000000000000 (0)
00:00:15.935627 Trusted <integer> = 0x0000000000000001 (1)
00:00:15.935628
00:00:15.935629 [/Devices/vga/0/Config/] (level 4) (restricted root)
00:00:15.935631 CustomVideoModes <integer> = 0x0000000000000000 (0)
00:00:15.935632 FadeIn <integer> = 0x0000000000000001 (1)
00:00:15.935633 FadeOut <integer> = 0x0000000000000001 (1)
00:00:15.935634 HeightReduction <integer> = 0x0000000000000000 (0)
00:00:15.935635 LogoFile <string> = "" (cb=1)
00:00:15.935636 LogoTime <integer> = 0x0000000000000000 (0)
00:00:15.935638 MonitorCount <integer> = 0x0000000000000001 (1)
00:00:15.935639 ShowBootMenu <integer> = 0x0000000000000002 (2)
00:00:15.935640 VRamSize <integer> = 0x0000000008000000 (134 217 728, 128 MB)
00:00:15.935641
00:00:15.935642 [/Devices/vga/0/LUN#0/] (level 4)
00:00:15.935644 Driver <string> = "MainDisplay" (cb=12)
00:00:15.935645
00:00:15.935645 [/Devices/vga/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935647 Object <integer> = 0x0000000003e54fe0 (65 359 840)
00:00:15.935648
00:00:15.935649 [/Devices/vga/0/LUN#999/] (level 4)
00:00:15.935650 Driver <string> = "MainStatus" (cb=11)
00:00:15.935651
00:00:15.935651 [/Devices/vga/0/LUN#999/Config/] (level 5) (restricted root)
00:00:15.935653 First <integer> = 0x0000000000000000 (0)
00:00:15.935654 Last <integer> = 0x0000000000000000 (0)
00:00:15.935655 papLeds <integer> = 0x0000000003e4d848 (65 329 224)
00:00:15.935657
00:00:15.935657 [/Devices/virtio-net/] (level 2)
00:00:15.935659
00:00:15.935659 [/EM/] (level 1)
00:00:15.935660 TripleFaultReset <integer> = 0x0000000000000000 (0)
00:00:15.935661
00:00:15.935662 [/GIM/] (level 1)
00:00:15.935663 Provider <string> = "Minimal" (cb=8)
00:00:15.935664
00:00:15.935664 [/HM/] (level 1)
00:00:15.935666 64bitEnabled <integer> = 0x0000000000000001 (1)
00:00:15.935667 EnableLargePages <integer> = 0x0000000000000001 (1)
00:00:15.935668 EnableNestedPaging <integer> = 0x0000000000000001 (1)
00:00:15.935669 EnableUX <integer> = 0x0000000000000001 (1)
00:00:15.935670 EnableVPID <integer> = 0x0000000000000001 (1)
00:00:15.935671 Exclusive <integer> = 0x0000000000000000 (0)
00:00:15.935673 HMForced <integer> = 0x0000000000000001 (1)
00:00:15.935674
00:00:15.935674 [/MM/] (level 1)
00:00:15.935675 CanUseLargerHeap <integer> = 0x0000000000000001 (1)
00:00:15.935676
00:00:15.935677 [/PDM/] (level 1)
00:00:15.935678
00:00:15.935678 [/PDM/AsyncCompletion/] (level 2)
00:00:15.935680
00:00:15.935680 [/PDM/AsyncCompletion/File/] (level 3)
00:00:15.935682
00:00:15.935682 [/PDM/AsyncCompletion/File/BwGroups/] (level 4)
00:00:15.935684
00:00:15.935684 [/PDM/BlkCache/] (level 2)
00:00:15.935685 CacheSize <integer> = 0x0000000000500000 (5 242 880, 5 MB)
00:00:15.935687
00:00:15.935687 [/PDM/Devices/] (level 2)
00:00:15.935689
00:00:15.935689 [/PDM/Drivers/] (level 2)
00:00:15.935690
00:00:15.935691 [/PDM/Drivers/VBoxC/] (level 3)
00:00:15.935692 Path <string> = "VBoxC" (cb=6)
00:00:15.935693
00:00:15.935694 [/PDM/NetworkShaper/] (level 2)
00:00:15.935695
00:00:15.935695 [/PDM/NetworkShaper/BwGroups/] (level 3)
00:00:15.935697
00:00:15.935697 [/TM/] (level 1)
00:00:15.935698 UTCOffset <integer> = 0x0000000000000000 (0)
00:00:15.935699
00:00:15.935700 [/USB/] (level 1)
00:00:15.935701
00:00:15.935701 [/USB/HidKeyboard/] (level 2)
00:00:15.935703
00:00:15.935703 [/USB/HidKeyboard/0/] (level 3)
00:00:15.935705
00:00:15.935705 [/USB/HidKeyboard/0/Config/] (level 4) (restricted root)
00:00:15.935707
00:00:15.935707 [/USB/HidKeyboard/0/LUN#0/] (level 4)
00:00:15.935709 Driver <string> = "KeyboardQueue" (cb=14)
00:00:15.935710
00:00:15.935710 [/USB/HidKeyboard/0/LUN#0/AttachedDriver/] (level 5)
00:00:15.935712 Driver <string> = "MainKeyboard" (cb=13)
00:00:15.935713
00:00:15.935713 [/USB/HidKeyboard/0/LUN#0/AttachedDriver/Config/] (level 6) (restricted root)
00:00:15.935715 Object <integer> = 0x0000000003d69510 (64 394 512)
00:00:15.935717
00:00:15.935717 [/USB/HidKeyboard/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935719 QueueSize <integer> = 0x0000000000000040 (64)
00:00:15.935720
00:00:15.935721 [/USB/HidKeyboard/GlobalConfig/] (level 3) (restricted root)
00:00:15.935722
00:00:15.935723 [/USB/HidMouse/] (level 2)
00:00:15.935724
00:00:15.935724 [/USB/HidMouse/0/] (level 3)
00:00:15.935726
00:00:15.935726 [/USB/HidMouse/0/Config/] (level 4) (restricted root)
00:00:15.935728 Mode <string> = "absolute" (cb=9)
00:00:15.935729
00:00:15.935729 [/USB/HidMouse/0/LUN#0/] (level 4)
00:00:15.935731 Driver <string> = "MouseQueue" (cb=11)
00:00:15.935732
00:00:15.935732 [/USB/HidMouse/0/LUN#0/AttachedDriver/] (level 5)
00:00:15.935734 Driver <string> = "MainMouse" (cb=10)
00:00:15.935735
00:00:15.935735 [/USB/HidMouse/0/LUN#0/AttachedDriver/Config/] (level 6) (restricted root)
00:00:15.935737 Object <integer> = 0x0000000003e43eb0 (65 289 904)
00:00:15.935739
00:00:15.935739 [/USB/HidMouse/0/LUN#0/Config/] (level 5) (restricted root)
00:00:15.935741 QueueSize <integer> = 0x0000000000000080 (128)
00:00:15.935742
00:00:15.935743 [/USB/HidMouse/GlobalConfig/] (level 3) (restricted root)
00:00:15.935744
00:00:15.935745 [/USB/USBProxy/] (level 2)
00:00:15.935746
00:00:15.935746 [/USB/USBProxy/GlobalConfig/] (level 3)
00:00:15.935748
00:00:15.935749 !!
00:00:15.935749 !! {clocks}
00:00:15.935750 !!
00:00:15.935753 Cpu Tick: 28112175362 (0x0000068b9dc102) 3000135195Hz paused - virtualized - virtual clock
00:00:15.935756 Cpu Tick: 28120576550 (0x0000068c1df226) 3000135195Hz ticking - virtualized - virtual clock
00:00:15.935759 Cpu Tick: 28120585572 (0x0000068c1e1564) 3000135195Hz ticking - virtualized - virtual clock
00:00:15.935762 Cpu Tick: 28120593513 (0x0000068c1e3469) 3000135195Hz ticking - virtualized - virtual clock
00:00:15.935764 Virtual: 9373098475 (0x0000022eae21eb) 1000000000Hz ticking
00:00:15.935766 VirtSync: 9373098710 (0x0000022eae22d6) ticking
00:00:15.935768 Real: 15944900 (0x00000000f34cc4) 1000Hz
00:00:15.935771 !!
00:00:15.935772 !! {cmos1}
00:00:15.935772 !!
00:00:15.935773 First CMOS bank, offsets 0x0E - 0x7F
00:00:15.935773 Offset 00 : --- use 'info rtc' to show CMOS clock --- 00 00
00:00:15.935775 Offset 10 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935778 Offset 20 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935781 Offset 30 : 00 00 20 00 00 7f 00 20-00 00 00 00 00 00 00 00
00:00:15.935784 Offset 40 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935787 Offset 50 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935790 Offset 60 : 04 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935793 Offset 70 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935796 !!
00:00:15.935797 !! {cmos2}
00:00:15.935797 !!
00:00:15.935798 Second CMOS bank, offsets 0x80 - 0xFF
00:00:15.935798 Offset 80 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935802 Offset 90 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935805 Offset a0 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935808 Offset b0 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935811 Offset c0 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935814 Offset d0 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935817 Offset e0 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935820 Offset f0 : 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00
00:00:15.935825 !!
00:00:15.935825 !! {e1k0}
00:00:15.935825 !!
00:00:15.935854 E1000 #0: port=c040 mmio=0000000088400000 mac-cfg=08:00:27:9b:c9:65 82545EM GC R0
00:00:15.935858 CTRL = 00000a09
00:00:15.935859 STATUS = 00000081
00:00:15.935860 EECD = 00000100
00:00:15.935880 EERD = 00000000
00:00:15.935881 CTRL_EXT = 00000000
00:00:15.935882 FLA = 00000000
00:00:15.935883 MDIC = 00000000
00:00:15.935883 FCAL = 00000000
00:00:15.935884 FCAH = 00000000
00:00:15.935885 FCT = 00000000
00:00:15.935886 VET = 00000000
00:00:15.935886 ICR = 00000000
00:00:15.935887 ITR = 00000000
00:00:15.935888 ICS = 00000000
00:00:15.935888 IMS = 00000000
00:00:15.935889 IMC = 00000000
00:00:15.935890 RCTL = 00000000
00:00:15.935891 FCTTV = 00000000
00:00:15.935891 TXCW = 00000000
00:00:15.935892 RXCW = 00000000
00:00:15.935893 TCTL = 00000000
00:00:15.935893 TIPG = 00000000
00:00:15.935894 AIFS = 00000000
00:00:15.935895 LEDCTL = 00000000
00:00:15.935896 PBA = 00000000
00:00:15.935896 FCRTL = 00000000
00:00:15.935897 FCRTH = 00000000
00:00:15.935898 RDFH = 00000000
00:00:15.935899 RDFT = 00000000
00:00:15.935899 RDFHS = 00000000
00:00:15.935900 RDFTS = 00000000
00:00:15.935901 RDFPC = 00000000
00:00:15.935901 RDBAL = 00000000
00:00:15.935902 RDBAH = 00000000
00:00:15.935903 RDLEN = 00000000
00:00:15.935904 RDH = 00000000
00:00:15.935904 RDT = 00000000
00:00:15.935905 RDTR = 00000000
00:00:15.935906 RXDCTL = 00000000
00:00:15.935906 RADV = 00000000
00:00:15.935907 RSRPD = 00000000
00:00:15.935908 TXDMAC = 00000000
00:00:15.935909 TDFH = 00000000
00:00:15.935909 TDFT = 00000000
00:00:15.935910 TDFHS = 00000000
00:00:15.935911 TDFTS = 00000000
00:00:15.935911 TDFPC = 00000000
00:00:15.935912 TDBAL = 00000000
00:00:15.935913 TDBAH = 00000000
00:00:15.935914 TDLEN = 00000000
00:00:15.935914 TDH = 00000000
00:00:15.935915 TDT = 00000000
00:00:15.935916 TIDV = 00000000
00:00:15.935916 TXDCTL = 00000000
00:00:15.935917 TADV = 00000000
00:00:15.935918 TSPMT = 01000400
00:00:15.935919 CRCERRS = 00000000
00:00:15.935919 ALGNERRC = 00000000
00:00:15.935920 SYMERRS = 00000000
00:00:15.935921 RXERRC = 00000000
00:00:15.935921 MPC = 00000000
00:00:15.935922 SCC = 00000000
00:00:15.935923 ECOL = 00000000
00:00:15.935924 MCC = 00000000
00:00:15.935924 LATECOL = 00000000
00:00:15.935925 COLC = 00000000
00:00:15.935926 DC = 00000000
00:00:15.935927 TNCRS = 00000000
00:00:15.935927 SEC = 00000000
00:00:15.935928 CEXTERR = 00000000
00:00:15.935929 RLEC = 00000000
00:00:15.935929 XONRXC = 00000000
00:00:15.935930 XONTXC = 00000000
00:00:15.935931 XOFFRXC = 00000000
00:00:15.935931 XOFFTXC = 00000000
00:00:15.935932 FCRUC = 00000000
00:00:15.935933 PRC64 = 00000000
00:00:15.935934 PRC127 = 00000000
00:00:15.935934 PRC255 = 00000000
00:00:15.935935 PRC511 = 00000000
00:00:15.935936 PRC1023 = 00000000
00:00:15.935936 PRC1522 = 00000000
00:00:15.935937 GPRC = 00000000
00:00:15.935938 BPRC = 00000000
00:00:15.935939 MPRC = 00000000
00:00:15.935939 GPTC = 00000000
00:00:15.935940 GORCL = 00000000
00:00:15.935941 GORCH = 00000000
00:00:15.935941 GOTCL = 00000000
00:00:15.935942 GOTCH = 00000000
00:00:15.935943 RNBC = 00000000
00:00:15.935943 RUC = 00000000
00:00:15.935944 RFC = 00000000
00:00:15.935945 ROC = 00000000
00:00:15.935946 RJC = 00000000
00:00:15.935946 MGTPRC = 00000000
00:00:15.935947 MGTPDC = 00000000
00:00:15.935948 MGTPTC = 00000000
00:00:15.935948 TORL = 00000000
00:00:15.935949 TORH = 00000000
00:00:15.935950 TOTL = 00000000
00:00:15.935951 TOTH = 00000000
00:00:15.935951 TPR = 00000000
00:00:15.935952 TPT = 00000000
00:00:15.935953 PTC64 = 00000000
00:00:15.935953 PTC127 = 00000000
00:00:15.935954 PTC255 = 00000000
00:00:15.935955 PTC511 = 00000000
00:00:15.935956 PTC1023 = 00000000
00:00:15.935956 PTC1522 = 00000000
00:00:15.935977 MPTC = 00000000
00:00:15.935978 BPTC = 00000000
00:00:15.935979 TSCTC = 00000000
00:00:15.935980 TSCTFC = 00000000
00:00:15.935981 RXCSUM = 00000000
00:00:15.935981 WUC = 00000000
00:00:15.935982 WUFC = 00000000
00:00:15.935983 WUS = 00000000
00:00:15.935984 MANC = 00000000
00:00:15.935984 IPAV = 00000000
00:00:15.935985 WUPL = 00000000
00:00:15.935986 RA00: DST 08:00:27:9b:c9:65
00:00:15.935988
00:00:15.935988 -- Receive Descriptors (0 total) --
00:00:15.935989
00:00:15.935990 -- Receive Descriptors in Cache (at 0 (RDH 0)/ fetched 0 / max 16) --
00:00:15.935991
00:00:15.935991 -- Transmit Descriptors (0 total) --
00:00:15.935992
00:00:15.935992 -- Transmit Descriptors in Cache (at 0 (TDH 0)/ fetched 0 / max 64) --
00:00:15.935994 !!
00:00:15.935994 !! {e1k1}
00:00:15.935995 !!
00:00:15.935996 E1000 #1: port=c048 mmio=0000000088420000 mac-cfg=08:00:27:79:95:e8 82545EM GC R0
00:00:15.935998 CTRL = 00000a09
00:00:15.935999 STATUS = 00000081
00:00:15.936000 EECD = 00000100
00:00:15.936001 EERD = 00000000
00:00:15.936001 CTRL_EXT = 00000000
00:00:15.936002 FLA = 00000000
00:00:15.936003 MDIC = 00000000
00:00:15.936004 FCAL = 00000000
00:00:15.936004 FCAH = 00000000
00:00:15.936005 FCT = 00000000
00:00:15.936006 VET = 00000000
00:00:15.936006 ICR = 00000000
00:00:15.936007 ITR = 00000000
00:00:15.936008 ICS = 00000000
00:00:15.936009 IMS = 00000000
00:00:15.936009 IMC = 00000000
00:00:15.936010 RCTL = 00000000
00:00:15.936011 FCTTV = 00000000
00:00:15.936011 TXCW = 00000000
00:00:15.936014 RXCW = 00000000
00:00:15.936014 TCTL = 00000000
00:00:15.936015 TIPG = 00000000
00:00:15.936016 AIFS = 00000000
00:00:15.936016 LEDCTL = 00000000
00:00:15.936017 PBA = 00000000
00:00:15.936018 FCRTL = 00000000
00:00:15.936019 FCRTH = 00000000
00:00:15.936019 RDFH = 00000000
00:00:15.936020 RDFT = 00000000
00:00:15.936021 RDFHS = 00000000
00:00:15.936021 RDFTS = 00000000
00:00:15.936022 RDFPC = 00000000
00:00:15.936023 RDBAL = 00000000
00:00:15.936023 RDBAH = 00000000
00:00:15.936024 RDLEN = 00000000
00:00:15.936025 RDH = 00000000
00:00:15.936026 RDT = 00000000
00:00:15.936026 RDTR = 00000000
00:00:15.936027 RXDCTL = 00000000
00:00:15.936028 RADV = 00000000
00:00:15.936028 RSRPD = 00000000
00:00:15.936029 TXDMAC = 00000000
00:00:15.936030 TDFH = 00000000
00:00:15.936030 TDFT = 00000000
00:00:15.936031 TDFHS = 00000000
00:00:15.936032 TDFTS = 00000000
00:00:15.936033 TDFPC = 00000000
00:00:15.936033 TDBAL = 00000000
00:00:15.936034 TDBAH = 00000000
00:00:15.936035 TDLEN = 00000000
00:00:15.936035 TDH = 00000000
00:00:15.936036 TDT = 00000000
00:00:15.936037 TIDV = 00000000
00:00:15.936037 TXDCTL = 00000000
00:00:15.936038 TADV = 00000000
00:00:15.936039 TSPMT = 01000400
00:00:15.936040 CRCERRS = 00000000
00:00:15.936040 ALGNERRC = 00000000
00:00:15.936041 SYMERRS = 00000000
00:00:15.936042 RXERRC = 00000000
00:00:15.936042 MPC = 00000000
00:00:15.936043 SCC = 00000000
00:00:15.936044 ECOL = 00000000
00:00:15.936045 MCC = 00000000
00:00:15.936045 LATECOL = 00000000
00:00:15.936046 COLC = 00000000
00:00:15.936047 DC = 00000000
00:00:15.936047 TNCRS = 00000000
00:00:15.936048 SEC = 00000000
00:00:15.936049 CEXTERR = 00000000
00:00:15.936049 RLEC = 00000000
00:00:15.936050 XONRXC = 00000000
00:00:15.936051 XONTXC = 00000000
00:00:15.936052 XOFFRXC = 00000000
00:00:15.936052 XOFFTXC = 00000000
00:00:15.936053 FCRUC = 00000000
00:00:15.936054 PRC64 = 00000000
00:00:15.936054 PRC127 = 00000000
00:00:15.936055 PRC255 = 00000000
00:00:15.936056 PRC511 = 00000000
00:00:15.936056 PRC1023 = 00000000
00:00:15.936057 PRC1522 = 00000000
00:00:15.936058 GPRC = 00000000
00:00:15.936058 BPRC = 00000000
00:00:15.936059 MPRC = 00000000
00:00:15.936060 GPTC = 00000000
00:00:15.936060 GORCL = 00000000
00:00:15.936061 GORCH = 00000000
00:00:15.936062 GOTCL = 00000000
00:00:15.936063 GOTCH = 00000000
00:00:15.936063 RNBC = 00000000
00:00:15.936064 RUC = 00000000
00:00:15.936065 RFC = 00000000
00:00:15.936065 ROC = 00000000
00:00:15.936066 RJC = 00000000
00:00:15.936067 MGTPRC = 00000000
00:00:15.936067 MGTPDC = 00000000
00:00:15.936068 MGTPTC = 00000000
00:00:15.936069 TORL = 00000000
00:00:15.936070 TORH = 00000000
00:00:15.936070 TOTL = 00000000
00:00:15.936071 TOTH = 00000000
00:00:15.936072 TPR = 00000000
00:00:15.936072 TPT = 00000000
00:00:15.936073 PTC64 = 00000000
00:00:15.936074 PTC127 = 00000000
00:00:15.936074 PTC255 = 00000000
00:00:15.936075 PTC511 = 00000000
00:00:15.936076 PTC1023 = 00000000
00:00:15.936076 PTC1522 = 00000000
00:00:15.936077 MPTC = 00000000
00:00:15.936078 BPTC = 00000000
00:00:15.936079 TSCTC = 00000000
00:00:15.936079 TSCTFC = 00000000
00:00:15.936080 RXCSUM = 00000000
00:00:15.936081 WUC = 00000000
00:00:15.936081 WUFC = 00000000
00:00:15.936082 WUS = 00000000
00:00:15.936083 MANC = 00000000
00:00:15.936083 IPAV = 00000000
00:00:15.936084 WUPL = 00000000
00:00:15.936085 RA00: DST 08:00:27:79:95:e8
00:00:15.936087
00:00:15.936087 -- Receive Descriptors (0 total) --
00:00:15.936088
00:00:15.936088 -- Receive Descriptors in Cache (at 0 (RDH 0)/ fetched 0 / max 16) --
00:00:15.936089
00:00:15.936090 -- Transmit Descriptors (0 total) --
00:00:15.936091
00:00:15.936091 -- Transmit Descriptors in Cache (at 0 (TDH 0)/ fetched 0 / max 64) --
00:00:15.936093 !!
00:00:15.936093 !! {fflags}
00:00:15.936093 !!
00:00:15.936094 Global FFs: 0x0
00:00:15.936096 CPU 0 FFs: 0x0
00:00:15.936098 CPU 1 FFs: 0x90000
00:00:15.936099 PGM_SYNC_CR3, TLB_FLUSH
00:00:15.936101 Groups:
00:00:15.936101 HIGH_PRIORITY_PRE, HIGH_PRIORITY_PRE_RAW
00:00:15.936102 CPU 2 FFs: 0x90000
00:00:15.936103 PGM_SYNC_CR3, TLB_FLUSH
00:00:15.936104 Groups:
00:00:15.936104 HIGH_PRIORITY_PRE, HIGH_PRIORITY_PRE_RAW
00:00:15.936105 CPU 3 FFs: 0x90000
00:00:15.936106 PGM_SYNC_CR3, TLB_FLUSH
00:00:15.936107 Groups:
00:00:15.936108 HIGH_PRIORITY_PRE, HIGH_PRIORITY_PRE_RAW
00:00:15.936109 !!
00:00:15.936109 !! {gdtguest}
00:00:15.936110 !!
00:00:15.936132 Guest GDT (GCAddr=ffffff8000001000 limit=97):
00:00:15.936141 0010 - 23107020 ffffff80 - base=ff802310 limit=f7020fff dpl=3 CodeConfER Accessed Present Page 32-bit
00:00:15.936144 0020 - 0000000f 00cff200 - base=00000000 limit=f000ffff dpl=3 DataRW Present Page 32-bit
00:00:15.936146 0028 - 0000ffff 00affa00 - base=00000000 limit=ffffffff dpl=3 CodeER Present Page 16-bit
00:00:15.936149 0040 - 234364b0 ffffff80 - base=ff802343 limit=f64b0fff dpl=3 CodeConfER Accessed Present Page 32-bit
00:00:15.936153 0068 - 23107100 ffffff80 - base=ff802310 limit=f7100fff dpl=3 CodeConfER Accessed Present Page 32-bit
00:00:15.936156 0078 - 23abd000 ffffff80 - base=ff8023ab limit=fd000fff dpl=3 CodeConfER Accessed Present Page 32-bit
00:00:15.936159 0080 - 2310bec4 ffffff80 - base=ff802310 limit=fbec4fff dpl=3 CodeConfER Accessed Present Page 32-bit
00:00:15.936161 0090 - 2310bf20 ffffff80 - base=ff802310 limit=fbf20fff dpl=3 CodeConfER Accessed Present Page 32-bit
00:00:15.936163 !!
00:00:15.936163 !! {guestprops}
00:00:15.936163 !!
00:00:15.936166 /VirtualBox/HostInfo/GUI/LanguageID: 'ru_RU', 1423369427455446000
00:00:15.936168 /VirtualBox/HostInfo/VBoxVerExt: '5.0.0', 1438532340635601002 (TRANSIENT, RDONLYGUEST)
00:00:15.936171 /VirtualBox/HostGuest/SysprepExec: '', 1438532340634625200 (TRANSIENT, RDONLYGUEST)
00:00:15.936173 /VirtualBox/HostGuest/SysprepArgs: '', 1438532340635601000 (TRANSIENT, RDONLYGUEST)
00:00:15.936175 /VirtualBox/HostInfo/VBoxRev: '101573', 1438532340635601003 (TRANSIENT, RDONLYGUEST)
00:00:15.936177 /VirtualBox/HostInfo/VBoxVer: '5.0.0', 1438532340635601001 (TRANSIENT, RDONLYGUEST)
00:00:15.936181 !!
00:00:15.936181 !! {hpet}
00:00:15.936181 !!
00:00:15.936182 HPET status:
00:00:15.936183 config=0000000000000000 isr=0000000000000000
00:00:15.936184 offset=0000000000000000 counter=0000000000000000 frequency=0429b17f
00:00:15.936185 legacy-mode=off timer-count=3
00:00:15.936186 Timers:
00:00:15.936187 0: comparator=ffffffffffffffff period(hidden)=0000000000000000 cfg=ffffffff00000030
00:00:15.936189 1: comparator=00000000ffffffff period(hidden)=0000000000000000 cfg=ffffffff00000000
00:00:15.936191 2: comparator=00000000ffffffff period(hidden)=0000000000000000 cfg=ffffffff00000000
00:00:15.936193 3: comparator=00000000ffffffff period(hidden)=0000000000000000 cfg=ffffffff00000000
00:00:15.936196 !!
00:00:15.936196 !! {ioapic}
00:00:15.936196 !!
00:00:15.936197 I/O APIC at 0xfec00000:
00:00:15.936198 IOAPICID : 0x04000000
00:00:15.936199 APIC ID = 0x04
00:00:15.936200 IOAPICVER : 0x00170011
00:00:15.936201 version = 0x11
00:00:15.936202 redirs = 24
00:00:15.936202 arb ID = 0x00000000
00:00:15.936203 IOAPICARB : 0x000000
00:00:15.936204 I/O redirection table
00:00:15.936204 idx dst_mode dst_addr mask trigger rirr polarity dlvr_st dlvr_mode vector
00:00:15.936205 00 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936207 01 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936209 02 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936211 03 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936213 04 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936215 05 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936217 06 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936219 07 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936221 08 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936223 09 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936225 10 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936227 11 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936228 12 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936230 13 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936232 14 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936234 15 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936236 16 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936238 17 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936240 18 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936242 19 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936244 20 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936246 21 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936248 22 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936250 23 phys 00 1 edge 0 activehi idle Fixed 0 (0000000000010000)
00:00:15.936252 !!
00:00:15.936252 !! {ioport}
00:00:15.936253 !!
00:00:15.936254 I/O Port R3 ranges (pVM=0000000004dd0000)
00:00:15.936255 Range pDevIns In Out pvUser Description
00:00:15.936257 0000-0007 0000000003e33c30 00007ff8e7d1c320 00007ff8e7d1c260 0000000003e33d40 DMA8 Address
00:00:15.936260 0008-000f 0000000003e33c30 00007ff8e7d1c4e0 00007ff8e7d1c3b0 0000000003e33d40 DMA8 Control
00:00:15.936262 0020-0021 0000000006ba1370 00007ff8e7cee0c0 00007ff8e7cee180 0000000000000000 i8259 PIC #0
00:00:15.936264 0040-0043 0000000006ba2370 00007ff8e7cec070 00007ff8e7ceccf0 0000000000000000 i8254 Programmable Interval Timer
00:00:15.936267 0060-0060 0000000006b9ec90 00007ff8e7cc2340 00007ff8e7cc23b0 0000000000000000 PC Keyboard - Data
00:00:15.936269 0061-0061 0000000006ba2370 00007ff8e7cec220 00007ff8e7cecf80 0000000000000000 PC Speaker
00:00:15.936271 0064-0064 0000000006b9ec90 00007ff8e7cc23e0 00007ff8e7cc2410 0000000000000000 PC Keyboard - Command / Status
00:00:15.936273 0070-0073 0000000006ba2850 00007ff8e7cf41d0 00007ff8e7cf4330 0000000000000000 MC146818 RTC/CMOS
00:00:15.936276 0080-0087 0000000003e33c30 00007ff8e7d1c600 00007ff8e7d1c660 0000000003e33d40 DMA8 Page
00:00:15.936278 0088-008f 0000000003e33c30 00007ff8e7d1c600 00007ff8e7d1c660 0000000003e33de0 DMA16 Page
00:00:15.936280 0092-0092 00000000047e1690 00007ff8e7cfb400 00007ff8e7cfb470 0000000000000000 PS/2 system control port A (A20 and more)
00:00:15.936282 00a0-00a1 0000000006ba1370 00007ff8e7cee0c0 00007ff8e7cee180 0000000000000001 i8259 PIC #1
00:00:15.936285 00c0-00cf 0000000003e33c30 00007ff8e7d1c320 00007ff8e7d1c260 0000000003e33de0 DMA16 Address
00:00:15.936287 00d0-00df 0000000003e33c30 00007ff8e7d1c4e0 00007ff8e7d1c3b0 0000000003e33de0 DMA16 Control
00:00:15.936289 00f0-00ff 00000000047e1690 00007ff8e7cfb2e0 00007ff8e7cfb330 0000000000000000 Math Co-Processor (DOS/OS2 mode)
00:00:15.936292 01ce-01ce 0000000009ab0000 00007ff8e7cd9850 00007ff8e7cd9760 0000000000000000 VGA/VBE - Index
00:00:15.936294 01cf-01cf 0000000009ab0000 00007ff8e7cd97c0 00007ff8e7cd96d0 0000000000000000 VGA/VBE - Data
00:00:15.936296 0300-031f 0000000006b58370 00007ff8e7cd3290 00007ff8e7cd31d0 0000000000000000 SMC data port
00:00:15.936299 03b0-03b3 0000000009ab0000 00007ff8e7cd9930 00007ff8e7cd98b0 0000000000000000 VGA - 3b0 (HGSMI host)
00:00:15.936301 03b4-03b5 0000000009ab0000 00007ff8e7cd9630 00007ff8e7cd95b0 0000000000000000 VGA - 3b4
00:00:15.936303 03b6-03b6 0000000009ab0000 00007ff8e7cda460 00007ff8e7cda440 0000000000000000 VBE BIOS Extra Data
00:00:15.936305 03b7-03b7 0000000009ab0000 00007ff8e7cda400 00007ff8e7cda410 0000000000000000 VGA BIOS debug/panic
00:00:15.936308 03b8-03b8 0000000009ab0000 00007ff8e7cdb080 00007ff8e7cdae30 0000000000000000 BIOS Logo
00:00:15.936310 03ba-03ba 0000000009ab0000 00007ff8e7cd9630 00007ff8e7cd95b0 0000000000000000 VGA - 3ba
00:00:15.936312 03c0-03cf 0000000009ab0000 00007ff8e7cd9630 00007ff8e7cd95b0 0000000000000000 VGA - 3c0
00:00:15.936314 03d0-03d3 0000000009ab0000 00007ff8e7cd9930 00007ff8e7cd98b0 0000000000000000 VGA - 3d0 (HGSMI guest)
00:00:15.936317 03d4-03d5 0000000009ab0000 00007ff8e7cd9630 00007ff8e7cd95b0 0000000000000000 VGA - 3d4
00:00:15.936319 03da-03da 0000000009ab0000 00007ff8e7cd9630 00007ff8e7cd95b0 0000000000000000 VGA - 3da
00:00:15.936321 04d0-04d0 0000000006ba1370 00007ff8e7cee210 00007ff8e7cee290 0000000006ba1470 i8259 PIC #0 - elcr
00:00:15.936323 04d1-04d1 0000000006ba1370 00007ff8e7cee210 00007ff8e7cee290 0000000006ba14b8 i8259 PIC #1 - elcr
00:00:15.936326 0504-0504 0000000006ba3090 00007ff8e9eaa0f0 00007ff8e7cff5c0 0000000000000000 VMMDev backdoor logging
00:00:15.936328 0505-0505 0000000006ba3090 00007ff8e7cff740 00007ff8e7cff710 0000000000000000 VMMDev timesync backdoor
00:00:15.936330 0cf8-0cf8 0000000006b5c540 00007ff8e7cccfe0 00007ff8e7cccf90 0000000000000000 ICH9 (PCI)
00:00:15.936333 0cfc-0cff 0000000006b5c540 00007ff8e7ccf860 00007ff8e7ccf670 0000000000000000 ICH9 (PCI)
00:00:15.936335 4000-4000 0000000006bbf830 00007ff8e7cf0050 00007ff8e7cf00f0 0000000006bbf930 ACPI PM1a Status
00:00:15.936337 4002-4002 0000000006bbf830 00007ff8e7ceff20 00007ff8e7ceff90 0000000006bbf930 ACPI PM1a Enable
00:00:15.936340 4004-4004 0000000006bbf830 00007ff8e7cf01c0 00007ff8e7cf0260 0000000006bbf930 ACPI PM1a Control
00:00:15.936342 4008-4008 0000000006bbf830 00007ff8e7cf04e0 00007ff8e9eaa180 0000000006bbf930 ACPI PM Timer
00:00:15.936344 4020-4020 0000000006bbf830 00007ff8e7cf05a0 00007ff8e7cf0640 0000000006bbf930 ACPI GPE0 Status
00:00:15.936347 4021-4021 0000000006bbf830 00007ff8e7cf06f0 00007ff8e7cf0790 0000000006bbf930 ACPI GPE0 Enable
00:00:15.936349 4040-4040 0000000006bbf830 00007ff8e9eaa0f0 00007ff8e7cef630 0000000006bbf930 ACPI Battery status index
00:00:15.936352 4044-4044 0000000006bbf830 00007ff8e7cef6f0 00007ff8e9eaa180 0000000006bbf930 ACPI Battery status data
00:00:15.936354 4048-4048 0000000006bbf830 00007ff8e9eaa0f0 00007ff8e7cef910 0000000006bbf930 ACPI system info index
00:00:15.936356 404c-404c 0000000006bbf830 00007ff8e7cef9f0 00007ff8e7cefda0 0000000006bbf930 ACPI system info data
00:00:15.936359 4050-4050 0000000006bbf830 00007ff8e9eaa0f0 00007ff8e7cf0900 0000000006bbf930 ACPI Reset
00:00:15.936361 442e-442e 0000000006bbf830 00007ff8e9eaa0f0 00007ff8e7cf0840 0000000006bbf930 ACPI SMI
00:00:15.936364 c000-c000 0000000006ba3090 00007ff8e9eaa0f0 00007ff8e7cff210 0000000006ba3190 VMMDev Request Handler
00:00:15.936366 c020-c02f 0000000006baaf40 00007ff8e7d846a0 00007ff8e7d84640 0000000000000000 AHCI IDX/DATA
00:00:15.936451 c030-c037 0000000006baaf40 00007ff8e7d84630 00007ff8e7d84620 0000000000000000 AHCI Fake
00:00:15.936456 c038-c03f 0000000006baaf40 00007ff8e7d84630 00007ff8e7d84620 0000000000000000 AHCI Fake
00:00:15.936459 c040-c047 0000000006bb2860 00007ff8e7d7a180 00007ff8e7d7a230 0000000000000000 E1000
00:00:15.936461 c048-c04f 0000000006bb81d0 00007ff8e7d7a180 00007ff8e7d7a230 0000000000000000 E1000
00:00:15.936463 ef10-ef17 00000000088d08e0 00007ff8e7d9fb80 00007ff8e7d9fdb0 0000000000000000 EFI communication ports
00:00:15.936466 I/O Port R0 ranges (pVM=0000000004dd0000)
00:00:15.936466 Range pDevIns In Out pvUser Description
00:00:15.936468 0020-0021 0000000006ba1370 fffff8019d5288b0 fffff8019d528970 0000000000000000 i8259 PIC #0
00:00:15.936471 0040-0043 0000000006ba2370 fffff8019d527a50 fffff8019d527c00 0000000000000000 i8254 Programmable Interval Timer
00:00:15.936473 0060-0060 0000000006b9ec90 fffff8019d526520 fffff8019d526590 0000000000000000 PC Keyboard - Data
00:00:15.936476 0064-0064 0000000006b9ec90 fffff8019d5265c0 fffff8019d5265f0 0000000000000000 PC Keyboard - Command / Status
00:00:15.936478 0070-0073 0000000006ba2850 fffff8019d528d70 fffff8019d528ed0 0000000000000000 MC146818 RTC/CMOS
00:00:15.936481 00a0-00a1 0000000006ba1370 fffff8019d5288b0 fffff8019d528970 0000000000000001 i8259 PIC #1
00:00:15.936484 01ce-01ce 0000000009ab0000 fffff8019d525210 fffff8019d525120 0000000000000000 VGA/VBE - Index (GC)
00:00:15.936486 01cf-01cf 0000000009ab0000 fffff8019d525180 fffff8019d525090 0000000000000000 VGA/VBE - Data (GC)
00:00:15.936489 03b4-03b5 0000000009ab0000 fffff8019d524ff0 fffff8019d524f70 0000000000000000 VGA - 3b4 (GC)
00:00:15.936491 03b7-03b7 0000000009ab0000 fffff8019d525d60 fffff8019d525d70 0000000000000000 VGA BIOS debug/panic
00:00:15.936494 03ba-03ba 0000000009ab0000 fffff8019d524ff0 fffff8019d524f70 0000000000000000 VGA - 3ba (GC)
00:00:15.936497 03c0-03cf 0000000009ab0000 fffff8019d524ff0 fffff8019d524f70 0000000000000000 VGA - 3c0 (GC)
00:00:15.936499 03d4-03d5 0000000009ab0000 fffff8019d524ff0 fffff8019d524f70 0000000000000000 VGA - 3d4 (GC)
00:00:15.936502 03da-03da 0000000009ab0000 fffff8019d524ff0 fffff8019d524f70 0000000000000000 VGA - 3da (GC)
00:00:15.936504 04d0-04d0 0000000006ba1370 fffff8019d528a00 fffff8019d528a80 0000000006ba1470 i8259 PIC #0 - elcr
00:00:15.936507 04d1-04d1 0000000006ba1370 fffff8019d528a00 fffff8019d528a80 0000000006ba14b8 i8259 PIC #1 - elcr
00:00:15.936510 0cf8-0cf8 0000000006b5c540 fffff8019d5227d0 fffff8019d522780 0000000000000000 ICH9 (PCI)
00:00:15.936512 0cfc-0cff 0000000006b5c540 fffff8019d522a10 fffff8019d5228b0 0000000000000000 ICH9 (PCI)
00:00:15.936515 4008-4008 0000000006bbf830 fffff8019d527690 0000000000000000 0000000000000000 ACPI PM Timer
00:00:15.936517 c020-c02f 0000000006baaf40 fffff8019d535ee0 fffff8019d535e80 0000000000000000 AHCI IDX/DATA
00:00:15.936519 c030-c037 0000000006baaf40 fffff8019d535e70 fffff8019d535e60 0000000000000000 AHCI Fake
00:00:15.936522 c038-c03f 0000000006baaf40 fffff8019d535e70 fffff8019d535e60 0000000000000000 AHCI Fake
00:00:15.936525 c040-c047 0000000006bb2860 fffff8019d5329d0 fffff8019d532a80 0000000000000000 E1000
00:00:15.936527 c048-c04f 0000000006bb81d0 fffff8019d5329d0 fffff8019d532a80 0000000000000000 E1000
00:00:15.936530 I/O Port GC ranges (pVM=0000000004dd0000)
00:00:15.936531 Range pDevIns In Out pvUser Description
00:00:15.936532 !!
00:00:15.936533 !! {ldtguest}
00:00:15.936533 !!
00:00:15.936534 Guest LDT (Sel=30 GCAddr=ffffff8023a3b000 limit=17):
00:00:15.936541 000c - 0000ffff 00cff200 - base=00000000 limit=ffffffff dpl=3 DataRW Present Page 32-bit
00:00:15.936542 !!
00:00:15.936543 !! {lpc}
00:00:15.936543 !!
00:00:15.936545 APIC backdoor closed: 00 00
00:00:15.936545 PIRQA -> IRQ11
00:00:15.936546 PIRQB -> IRQ9
00:00:15.936547 PIRQC -> IRQ11
00:00:15.936548 PIRQD -> IRQ9
00:00:15.936548 PIRQE disabled
00:00:15.936549 PIRQF disabled
00:00:15.936549 PIRQG disabled
00:00:15.936550 PIRQH disabled
00:00:15.936551 !!
00:00:15.936551 !! {mmio}
00:00:15.936552 !!
00:00:15.936553 MMIO ranges (pVM=0000000004dd0000)
00:00:15.936553 GC Phys Range pDevIns Read Write Fill pvUser Description
00:00:15.936556 00000000000a0000-00000000000bffff 0000000009ab0000 00007ff8e7cd9fc0 00007ff8e7cda180 00007ff8e7cd9f90 0000000000000000 VGA - VGA Video Buffer
00:00:15.936559 R0 0000000009ab0000 fffff8019d5258b0 fffff8019d525a70 fffff8019d525880 0000000000000000
00:00:15.936563 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936565 0000000088400000-000000008841ffff 0000000006bb2860 00007ff8e7d7a080 00007ff8e7d7a100 0000000000000000 0000000000000000 E1000
00:00:15.936568 R0 0000000006bb2860 fffff8019d5328d0 fffff8019d532950 0000000000000000 0000000000000000
00:00:15.936571 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936573 0000000088420000-000000008843ffff 0000000006bb81d0 00007ff8e7d7a080 00007ff8e7d7a100 0000000000000000 0000000000000000 E1000 [1]
00:00:15.936576 R0 0000000006bb81d0 fffff8019d5328d0 fffff8019d532950 0000000000000000 0000000000000000
00:00:15.936579 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936581 0000000088444000-0000000088445fff 0000000006baaf40 00007ff8e7d84550 00007ff8e7d84570 0000000000000000 0000000000000000 AHCI
00:00:15.936584 R0 0000000006baaf40 fffff8019d535d90 fffff8019d535db0 0000000000000000 0000000000000000
00:00:15.936587 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936589 0000000088446000-0000000088446fff 0000000006bbded0 00007ff8e7d59680 00007ff8e7d596e0 0000000000000000 0000000000000000 USB OHCI
00:00:15.936592 R0 0000000006bbded0 fffff8019d535300 fffff8019d535360 0000000000000000 0000000000000000
00:00:15.936595 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936597 00000000dc000000-00000000dfffffff 0000000006b5c540 00007ff8e7ccf9f0 00007ff8e7ccf940 0000000000000000 0000000000000000 MCFG ranges
00:00:15.936600 R0 0000000006b5c540 fffff8019d522da0 fffff8019d522d20 0000000000000000 0000000000000000
00:00:15.936603 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936605 00000000fec00000-00000000fec00fff 0000000006ba1840 00007ff8ed905950 00007ff8ed9059e0 0000000000000000 0000000006ba1940 I/O APIC Memory
00:00:15.936608 R0 0000000006ba1840 fffff8019d5535a0 fffff8019d553680 0000000000000000 0000000000000000
00:00:15.936611 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936613 00000000fed00000-00000000fed00fff 0000000006ba1c50 00007ff8e7d1e400 00007ff8e7d1e5d0 0000000000000000 0000000006ba1d50 HPET Memory
00:00:15.936616 R0 0000000006ba1c50 fffff8019d529f50 fffff8019d52a120 0000000000000000 0000000000000000
00:00:15.936619 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936621 00000000fed1c000-00000000fed1ffff 00000000065dcc30 00007ff8ed9064b0 00007ff8ed9064e0 0000000000000000 00000000065dcd30 LPC Memory
00:00:15.936624 R0 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
00:00:15.936626 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936628 00000000fee00000-00000000fee00fff 0000000006b9f610 00007ff8ed903d80 00007ff8ed904d00 0000000000000000 0000000006b9f710 APIC Memory
00:00:15.936631 R0 0000000006b9f610 fffff8019d552bb0 fffff8019d5531c0 0000000000000000 0000000000000000
00:00:15.936634 RC 00000000 00000000 00000000 00000000 00000000
00:00:15.936637 !!
00:00:15.936637 !! {nat0}
00:00:15.936638 !!
00:00:15.936639 NAT parameters: MTU=1500
00:00:15.936640 NAT TCP ports:
00:00:15.936641 socket 4992:(proto:6) exp. in 0 state=SS_NOFDREF f_(addr:port)=10.0.2.2:19419 l_(addr:port)=10.0.2.15:22 name=127.0.0.1:2222
00:00:15.936668 socket 4600:(proto:6) exp. in 0 state=SS_FACCEPTCONN f_(addr:port)=10.0.2.2:2222 l_(addr:port)=10.0.2.15:22 name=127.0.0.1:2222
00:00:15.936679 NAT UDP ports:
00:00:15.936680 NAT ARP cache:
00:00:15.936680 10.0.2.15 08:00:27:9b:c9:65
00:00:15.936682 NAT rules:
00:00:15.936683 TCP 2222 => 10.0.2.15:22
00:00:15.936685 !!
00:00:15.936685 !! {nvram}
00:00:15.936686 !!
00:00:15.936687 NVRAM variables: 27
00:00:15.936689 Variable - fAttr=0x07 - '378d7b65-8da9-4773-b6e4-a47826a833e1:RTC' - cb=0x04
00:00:15.936692 0000000008c7ace0 0000: ff 07 00 00 ....
00:00:15.936695 Variable - fAttr=0x07 - '4c19049f-4137-4dd3-9c10-8b97a83ffdfa:MemoryTypeInformation' - cb=0x40
00:00:15.936697 0000000008d0e700 0000: 0a 00 00 00 04 00 00 00-09 00 00 00 0b 00 00 00 ................
00:00:15.936700 0000000008d0e710 0010: 00 00 00 00 04 00 00 00-06 00 00 00 24 00 00 00 ............$...
00:00:15.936703 0000000008d0e720 0020: 05 00 00 00 49 00 00 00-03 00 00 00 dd 01 00 00 ....I...........
00:00:15.936706 0000000008d0e730 0030: 04 00 00 00 1f 20 00 00-0e 00 00 00 00 00 00 00 ..... ..........
00:00:15.936709 Variable - fAttr=0x06 - '4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:BackgroundClear' - cb=0x04
00:00:15.936712 0000000008c7bd60 0000: 00 00 00 00 ....
00:00:15.936713 Variable - fAttr=0x07 - '4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:FirmwareFeatures' - cb=0x04
00:00:15.936716 0000000008c7c5a0 0000: 15 00 00 80 ....
00:00:15.936718 Variable - fAttr=0x07 - '4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:FirmwareFeaturesMask' - cb=0x04
00:00:15.936721 0000000008c7cde0 0000: ff 03 00 80 ....
00:00:15.936722 Variable - fAttr=0x06 - '4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:MLB' - cb=0x19a
00:00:15.936725 0000000008d0cd50 0000: e9 7f 00 00 00 fa bb 00-f0 8e db bb 7a ff 2e 66 ............z..f
00:00:15.936728 0000000008d0cd60 0010: 0f 01 80 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936731 0000000008d0cd70 0020: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936734 0000000008d0cd80 0030: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936736 0000000008d0cd90 0040: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936739 0000000008d0cda0 0050: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936742 0000000008d0cdb0 0060: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936744 0000000008d0cdc0 0070: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936747 0000000008d0cdd0 0080: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936750 0000000008d0cde0 0090: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936752 0000000008d0cdf0 00a0: 00 00 18 56 b7 7e 00 00-00 00 98 a7 b2 7e 00 00 ...V.~.......~..
00:00:15.936755 0000000008d0ce00 00b0: 00 00 00 a2 c4 7f 00 00-00 00 c2 00 00 00 00 00 ................
00:00:15.936758 0000000008d0ce10 00c0: 00 00 e8 2d c3 7f 00 00-00 00 70 2c c3 7f 00 00 ...-......p,....
00:00:15.936761 0000000008d0ce20 00d0: 00 00 d1 6d c3 7f 00 00-00 00 00 00 00 00 00 00 ...m............
00:00:15.936764 0000000008d0ce30 00e0: 00 00 d0 2d c3 7f 00 00-00 00 70 2c c3 7f 00 00 ...-......p,....
00:00:15.936767 0000000008d0ce40 00f0: 00 00 26 64 af 7f 00 00-00 00 00 00 00 00 00 00 ..&d............
00:00:15.936769 0000000008d0ce50 0100: 00 00 18 b1 b2 7e 00 00-00 00 00 00 00 00 00 00 .....~..........
00:00:15.936772 0000000008d0ce60 0110: 00 00 00 00 00 00 00 00-00 00 d0 2d c3 7f 00 00 ...........-....
00:00:15.936775 0000000008d0ce70 0120: 00 00 e0 2d c3 7f 00 00-00 00 50 2d c3 7f 00 00 ...-......P-....
00:00:15.936778 0000000008d0ce80 0130: 00 00 9e 92 af 7f 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936781 0000000008d0ce90 0140: 00 00 90 ac b0 7f 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936783 0000000008d0cea0 0150: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
00:00:15.936786 0000000008d0ceb0 0160: 00 00 08 2d c3 7f 00 00-00 00 00 00 00 00 00 00 ...-............
00:00:15.936789 0000000008d0cec0 0170: 00 00 d8 2c c3 7f 00 00-00 00 d0 2c c3 7f 00 00 ...,.......,....
00:00:15.936792 0000000008d0ced0 0180: 00 00 9f a5 af 7f 06 00-00 00 d0 2d c3 7f 00 00 ...........-....
00:00:15.936795 0000000008d0cee0 0190: 00 00 98 53 b3 7e 00 00-00 00 ...S.~....
00:00:15.936797 Variable - fAttr=0x06 - '4d1ede05-38c7-4a6a-9cc6-4bcca8b38c14:ROM' - cb=0x06
00:00:15.936800 String value (UTF-8,nz): "CƒÃ"
00:00:15.936801 Variable - fAttr=0x06 - '7c436110-ab2a-4bbb-a880-fe41995c9f82:boot-args' - cb=0x24
00:00:15.936803 String value (UTF-8): "usb=0x800 keepsyms=1 -v -serial=0x1"
00:00:15.936804 Variable - fAttr=0x07 - '7c436110-ab2a-4bbb-a880-fe41995c9f82:platform-uuid' - cb=0x10
00:00:15.936807 String value (UTF-8,nz): "pénÊ՗GRƒµMƒÿ†Ï‰"
00:00:15.936808 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:Boot0000' - cb=0xb2
00:00:15.936810 0000000008d122f0 0000: 01 00 00 00 9a 00 4d 00-61 00 63 00 20 00 42 00 ......M.a.c. .B.
00:00:15.936813 0000000008d12300 0010: 6f 00 6f 00 74 00 00 00-02 01 0c 00 d0 41 03 0a o.o.t........A..
00:00:15.936816 0000000008d12310 0020: 00 00 00 00 01 01 06 00-02 1f 03 12 0a 00 00 00 ................
00:00:15.936819 0000000008d12320 0030: 00 00 00 00 04 01 2a 00-02 00 00 00 28 40 06 00 ......*.....(@..
00:00:15.936821 0000000008d12330 0040: 00 00 00 00 30 2c ac 03-00 00 00 00 86 9e ef ed ....0,..........
00:00:15.936824 0000000008d12340 0050: 2f f7 e3 4e 83 89 36 42-55 5d 62 13 02 02 04 04 /..N..6BU]b.....
00:00:15.936827 0000000008d12350 0060: 50 00 5c 00 53 00 79 00-73 00 74 00 65 00 6d 00 P.\.S.y.s.t.e.m.
00:00:15.936830 0000000008d12360 0070: 5c 00 4c 00 69 00 62 00-72 00 61 00 72 00 79 00 \.L.i.b.r.a.r.y.
00:00:15.936833 0000000008d12370 0080: 5c 00 43 00 6f 00 72 00-65 00 53 00 65 00 72 00 \.C.o.r.e.S.e.r.
00:00:15.936836 0000000008d12380 0090: 76 00 69 00 63 00 65 00-73 00 5c 00 62 00 6f 00 v.i.c.e.s.\.b.o.
00:00:15.936839 0000000008d12390 00a0: 6f 00 74 00 2e 00 65 00-66 00 69 00 00 00 7f ff o.t...e.f.i.....
00:00:15.936841 0000000008d123a0 00b0: 04 00 ..
00:00:15.936843 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:Boot0001' - cb=0x42
00:00:15.936846 0000000008d0ef90 0000: 01 00 00 00 20 00 45 00-46 00 49 00 20 00 44 00 .... .E.F.I. .D.
00:00:15.936848 0000000008d0efa0 0010: 56 00 44 00 2f 00 43 00-44 00 52 00 4f 00 4d 00 V.D./.C.D.R.O.M.
00:00:15.936851 0000000008d0efb0 0020: 00 00 02 01 0c 00 d0 41-03 0a 00 00 00 00 01 01 .......A........
00:00:15.936854 0000000008d0efc0 0030: 06 00 02 1f 03 12 0a 00-01 00 00 00 00 00 7f ff ................
00:00:15.936857 0000000008d0efd0 0040: 04 00 ..
00:00:15.936858 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:Boot0002' - cb=0x44
00:00:15.936861 0000000008d0d5e0 0000: 01 00 00 00 20 00 45 00-46 00 49 00 20 00 48 00 .... .E.F.I. .H.
00:00:15.936864 0000000008d0d5f0 0010: 61 00 72 00 64 00 20 00-44 00 72 00 69 00 76 00 a.r.d. .D.r.i.v.
00:00:15.936867 0000000008d0d600 0020: 65 00 00 00 02 01 0c 00-d0 41 03 0a 00 00 00 00 e........A......
00:00:15.936869 0000000008d0d610 0030: 01 01 06 00 02 1f 03 12-0a 00 00 00 00 00 00 00 ................
00:00:15.936872 0000000008d0d620 0040: 7f ff 04 00 ....
00:00:15.936874 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:Boot0003' - cb=0x5c
00:00:15.936876 0000000008d12b80 0000: 01 00 00 00 30 00 45 00-46 00 49 00 20 00 49 00 ....0.E.F.I. .I.
00:00:15.936879 0000000008d12b90 0010: 6e 00 74 00 65 00 72 00-6e 00 61 00 6c 00 20 00 n.t.e.r.n.a.l. .
00:00:15.936882 0000000008d12ba0 0020: 53 00 68 00 65 00 6c 00-6c 00 00 00 01 03 18 00 S.h.e.l.l.......
00:00:15.936885 0000000008d12bb0 0030: 0b 00 00 00 00 f0 c4 7f-00 00 00 00 ff ef fb 7f ................
00:00:15.936888 0000000008d12bc0 0040: 00 00 00 00 04 06 14 00-83 a5 04 7c 3e 9e 1c 4f ...........|>..O
00:00:15.936891 0000000008d12bd0 0050: ad 65 e0 52 68 d0 b4 d1-7f ff 04 00 .e.Rh.......
00:00:15.936893 Variable - fAttr=0x06 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:BootCurrent' - cb=0x02
00:00:15.936896 0000000008d13410 0000: 00 00 ..
00:00:15.936897 Variable - fAttr=0x06 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:BootOptionSupport' - cb=0x04
00:00:15.936900 0000000008c7de60 0000: 03 03 00 00 ....
00:00:15.936902 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:BootOrder' - cb=0x08
00:00:15.936905 0000000008d10940 0000: 00 00 01 00 02 00 03 00 ........
00:00:15.936907 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:ConIn' - cb=0x22
00:00:15.936909 00000000049b8b30 0000: 02 01 0c 00 d0 41 03 0a-00 00 00 00 01 01 06 00 .....A..........
00:00:15.936912 00000000049b8b40 0010: 00 1f 02 01 0c 00 d0 41-03 03 00 00 00 00 7f ff .......A........
00:00:15.936915 00000000049b8b50 0020: 04 00 ..
00:00:15.936916 Variable - fAttr=0x06 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:ConInDev' - cb=0x22
00:00:15.936919 0000000008d100b0 0000: 02 01 0c 00 d0 41 03 0a-00 00 00 00 01 01 06 00 .....A..........
00:00:15.936922 0000000008d100c0 0010: 00 1f 02 01 0c 00 d0 41-03 03 00 00 00 00 7f ff .......A........
00:00:15.936925 0000000008d100d0 0020: 04 00 ..
00:00:15.936926 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:ConOut' - cb=0x1e
00:00:15.936929 00000000065d1fb0 0000: 02 01 0c 00 d0 41 03 0a-00 00 00 00 01 01 06 00 .....A..........
00:00:15.936931 00000000065d1fc0 0010: 00 02 02 03 08 00 00 01-01 80 7f ff 04 00 ..............
00:00:15.936934 Variable - fAttr=0x06 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:ConOutDev' - cb=0x1e
00:00:15.936937 0000000001fa26b0 0000: 02 01 0c 00 d0 41 03 0a-00 00 00 00 01 01 06 00 .....A..........
00:00:15.936940 0000000001fa26c0 0010: 00 02 02 03 08 00 00 01-01 80 7f ff 04 00 ..............
00:00:15.936942 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:Lang' - cb=0x04
00:00:15.936945 String value (UTF-8): "eng"
00:00:15.936946 Variable - fAttr=0x06 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:LangCodes' - cb=0x0d
00:00:15.936948 String value (UTF-8): "engfraengfra"
00:00:15.936949 Variable - fAttr=0x07 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:PlatformLang' - cb=0x06
00:00:15.936952 String value (UTF-8): "en-US"
00:00:15.936953 Variable - fAttr=0x06 - '8be4df61-93ca-11d2-aa0d-00e098032b8c:PlatformLangCodes' - cb=0x12
00:00:15.936955 String value (UTF-8): "en;fr;en-US;fr-FR"
00:00:15.936956 Variable - fAttr=0x07 - 'e660597e-b94d-4209-9c80-1805b5d19b69:Test0' - cb=0x10
00:00:15.936959 String value (UTF-8): "This is test!!!"
00:00:15.936960 Variable - fAttr=0x07 - 'e660597e-b94d-4209-9c80-1805b5d19b69:Test1' - cb=0x20
00:00:15.936962 String value (UTF-16): "This is test!!!"
00:00:15.936964 Variable - fAttr=0x07 - 'eb704011-1402-11d3-8e77-00a0c969723b:MTC' - cb=0x04
00:00:15.936967 0000000008c7b520 0000: 01 00 00 00 ....
00:00:15.936969 !!
00:00:15.936969 !! {ohci}
00:00:15.936969 !!
00:00:15.936970 HcControl: 00000200 - CBSR=0 PLE=0 IE=0 CLE=0 BLE=0 HCFS=0x0 IR=0 RWC=1 RWE=0
00:00:15.936973 HcCommandStatus: 00000000 - HCR=0 CLF=0 BLF=0 OCR=0 SOC=0
00:00:15.936974 HcInterruptStatus: 00000040 - SO=0 WDH=0 SF=0 RD=0 UE=0 FNO=0 RHSC=1 OC=0
00:00:15.936976 HcInterruptEnable: 80000000 - SO=0 WDH=0 SF=0 RD=0 UE=0 FNO=0 RHSC=0 OC=0 MIE=1
00:00:15.936978 HcHCCA: 00000000
00:00:15.936978 HcPeriodCurrentED: 00000000
00:00:15.936979 HcControlHeadED: 00000000
00:00:15.936980 HcControlCurrentED: 00000000
00:00:15.936980 HcBulkHeadED: 00000000
00:00:15.936981 HcBulkCurrentED: 00000000
00:00:15.936982 HcDoneHead: 00000000
00:00:15.936982
00:00:15.936983 !!
00:00:15.936984 !! {pci}
00:00:15.936984 !!
00:00:15.936985 Invalid argument. Recognized arguments are 'basic', 'verbose'.
00:00:15.936988 !!
00:00:15.936989 !! {pdmtracingids}
00:00:15.936989 !!
00:00:15.936990 Device tracing IDs:
00:00:15.936991 00001 pcarch
00:00:15.936992 00002 smc
00:00:15.936993 00003 efi
00:00:15.936994 00004 ich9pci
00:00:15.936995 00005 ich9pcibridge
00:00:15.936996 00006 ich9pcibridge
00:00:15.936996 00007 pckbd
00:00:15.936997 00008 apic
00:00:15.936998 00009 i8259
00:00:15.936999 00010 ioapic
00:00:15.937000 00011 hpet
00:00:15.937001 00012 i8254
00:00:15.937001 00013 mc146818
00:00:15.937003 00014 8237A
00:00:15.937004 00015 VMMDev
00:00:15.937004 00016 vga
00:00:15.937005 00017 ahci
00:00:15.937006 00018 e1000
00:00:15.937007 00019 e1000
00:00:15.937008 00020 usb-ohci
00:00:15.937008 00021 acpi
00:00:15.937009 00022 GIMDev
00:00:15.937010 00023 lpc
00:00:15.937011 USB device tracing IDs:
00:00:15.937012 01045 HidKeyboard
00:00:15.937013 01048 HidMouse
00:00:15.937013 Driver tracing IDs:
00:00:15.937014 01025 NvramStorage (level 0, lun 0, dev efi)
00:00:15.937016 01026 KeyboardQueue (level 0, lun 0, dev pckbd)
00:00:15.937018 01027 MainKeyboard (level 1, lun 0, dev pckbd)
00:00:15.937019 01028 MouseQueue (level 0, lun 1, dev pckbd)
00:00:15.937021 01029 MainMouse (level 1, lun 1, dev pckbd)
00:00:15.937022 01030 HGCM (level 0, lun 0, dev VMMDev)
00:00:15.937024 01031 MainStatus (level 0, lun 999, dev VMMDev)
00:00:15.937025 01032 MainDisplay (level 0, lun 0, dev vga)
00:00:15.937027 01033 MainStatus (level 0, lun 999, dev vga)
00:00:15.937028 01034 Block (level 0, lun 0, dev ahci)
00:00:15.937030 01035 VD (level 1, lun 0, dev ahci)
00:00:15.937031 01036 Block (level 0, lun 1, dev ahci)
00:00:15.937032 01037 MainStatus (level 0, lun 999, dev ahci)
00:00:15.937034 01038 MainStatus (level 0, lun 999, dev e1000)
00:00:15.937035 01039 NAT (level 0, lun 0, dev e1000)
00:00:15.937036 01040 MainStatus (level 0, lun 999, dev e1000)
00:00:15.937037 01041 IntNet (level 0, lun 0, dev e1000)
00:00:15.937039 01042 VUSBRootHub (level 0, lun 0, dev usb-ohci)
00:00:15.937040 01043 MainStatus (level 0, lun 999, dev usb-ohci)
00:00:15.937042 01044 ACPIHost (level 0, lun 0, dev acpi)
00:00:15.937043 01046 KeyboardQueue (level 0, lun 0, dev HidKeyboard)
00:00:15.937044 01047 MainKeyboard (level 1, lun 0, dev HidKeyboard)
00:00:15.937046 01049 MouseQueue (level 0, lun 0, dev HidMouse)
00:00:15.937047 01050 MainMouse (level 1, lun 0, dev HidMouse)
00:00:15.937049 !!
00:00:15.937049 !! {phys}
00:00:15.937050 !!
00:00:15.937051 RAM ranges (pVM=0000000004dd0000)
00:00:15.937051 GC Phys Range pvHC
00:00:15.937053 0000000000000000-000000007fffffff 0000000000000000 Base RAM
00:00:15.937055 0000000080000000-0000000087ffffff 000000000a240000 VRam
00:00:15.937056 0000000088000000-00000000883fffff 0000000009d40000 VMMDev
00:00:15.937058 0000000088400000-000000008841ffff 0000000000000000 E1000
00:00:15.937059 0000000088420000-000000008843ffff 0000000000000000 E1000 [1]
00:00:15.937061 0000000088440000-0000000088443fff 0000000009aa0000 VMMDev Heap
00:00:15.937063 0000000088444000-0000000088445fff 0000000000000000 AHCI
00:00:15.937064 0000000088446000-0000000088446fff 0000000000000000 USB OHCI
00:00:15.937066 00000000dc000000-00000000dfffffff 0000000000000000 MCFG ranges
00:00:15.937067 00000000fec00000-00000000fec00fff 0000000000000000 I/O APIC Memory
00:00:15.937069 00000000fed00000-00000000fed00fff 0000000000000000 HPET Memory
00:00:15.937070 00000000fed1c000-00000000fed1ffff 0000000000000000 LPC Memory
00:00:15.937072 00000000fee00000-00000000fee00fff 0000000000000000 APIC Memory
00:00:15.937073 00000000fff00000-00000000fff3ffff 0000000000000000 EFI Firmware Volume
00:00:15.937075 00000000fff40000-00000000fff7ffff 0000000000000000 EFI Firmware Volume (Part 2)
00:00:15.937076 00000000fff80000-00000000fffbffff 0000000000000000 EFI Firmware Volume (Part 3)
00:00:15.937078 00000000fffc0000-00000000ffffffff 0000000000000000 EFI Firmware Volume (Part 4)
00:00:15.937080 !!
00:00:15.937080 !! {pic}
00:00:15.937081 !!
00:00:15.937082 PIC0:
00:00:15.937082 IMR :ff ISR :00 IRR :00 LIRR:00
00:00:15.937084 Base:68 PriAdd:00 RegSel:00
00:00:15.937085 Poll:00 SpMask:00 IState:00
00:00:15.937086 AEOI:00 Rotate:00 FNest :00 Ini4:01
00:00:15.937086 ELCR:00 ELMask:f8
00:00:15.937087 PIC1:
00:00:15.937088 IMR :ff ISR :00 IRR :00 LIRR:00
00:00:15.937089 Base:70 PriAdd:00 RegSel:00
00:00:15.937090 Poll:00 SpMask:00 IState:00
00:00:15.937091 AEOI:00 Rotate:00 FNest :00 Ini4:01
00:00:15.937092 ELCR:00 ELMask:de
00:00:15.937093 !!
00:00:15.937093 !! {pit}
00:00:15.937094 !!
00:00:15.937095 PIT (i8254) channel 0 status: irq=0x0
00:00:15.937095 count=00002e9c latched_count=0000 count_latched=00
00:00:15.937096 status=00 status_latched=00 read_state=03
00:00:15.937097 write_state=03 write_latch=9c rw_mode=03
00:00:15.937098 mode=03 bcd=00 gate=01
00:00:15.937099 count_load_time=000000001e1f033a next_transition_time=000000022ed2836d
00:00:15.937100 u64ReloadTS=000000022e39ec56 u64NextTS=000000022ed2836d
00:00:15.937102 PIT (i8254) channel 1 status: irq=0x0
00:00:15.937103 count=00010000 latched_count=0000 count_latched=00
00:00:15.937104 status=00 status_latched=00 read_state=00
00:00:15.937105 write_state=00 write_latch=00 rw_mode=00
00:00:15.937106 mode=03 bcd=00 gate=01
00:00:15.937106 count_load_time=0000000000000000 next_transition_time=0000000000000000
00:00:15.937107 u64ReloadTS=0000000000000000 u64NextTS=ffffffffffffffff
00:00:15.937109 PIT (i8254) channel 2 status: irq=0x0
00:00:15.937110 count=00010000 latched_count=0000 count_latched=00
00:00:15.937111 status=00 status_latched=00 read_state=00
00:00:15.937112 write_state=00 write_latch=00 rw_mode=00
00:00:15.937112 mode=03 bcd=00 gate=00
00:00:15.937113 count_load_time=0000000000000000 next_transition_time=0000000000000000
00:00:15.937114 u64ReloadTS=0000000000000000 u64NextTS=ffffffffffffffff
00:00:15.937116 speaker_data_on=0x0
00:00:15.937117 !!
00:00:15.937117 !! {plugins}
00:00:15.937118 !!
00:00:15.937119 No plug-ins loaded
00:00:15.937120 !!
00:00:15.937120 !! {ps2k}
00:00:15.937120 !!
00:00:15.937122 PS/2 Keyboard: scan set 2, scanning enabled
00:00:15.937122 Active command 00
00:00:15.937123 LED state 00, Num Lock off
00:00:15.937124 Typematic delay 500ms, repeat period 91ms
00:00:15.937125 Command queue: 0 items (4 max)
00:00:15.937126 Input queue : 0 items (64 max)
00:00:15.937127 !!
00:00:15.937127 !! {ps2m}
00:00:15.937128 !!
00:00:15.937129 PS/2 mouse state: normal, stream mode, reporting disabled
00:00:15.937130 Protocol: PS/2, scaling 1:1
00:00:15.937131 Active command 00
00:00:15.937131 Sampling rate 100 reports/sec, resolution 4 counts/mm
00:00:15.937132 Command queue: 0 items (8 max)
00:00:15.937133 Event queue : 0 items (256 max)
00:00:15.937134 !!
00:00:15.937135 !! {rtc}
00:00:15.937135 !!
00:00:15.937136 Time: 16:19:09 Date: 15-08-02
00:00:15.937137 REG A=26 B=02 C=00 D=80
00:00:15.937139 !!
00:00:15.937139 !! {tracebuf}
00:00:15.937140 !!
00:00:15.937141 Tracing is disable
00:00:15.937142 !!
00:00:15.937142 !! {vbe}
00:00:15.937142 !!
00:00:15.937144 LFB at 0000000080000000
00:00:15.937145 VBE state (chip ID 0xb0c0):
00:00:15.937146 Display resolution: 1024 x 768 @ 32bpp
00:00:15.937147 Virtual resolution: 1024 x 65535
00:00:15.937148 Display start addr: 0, 0
00:00:15.937148 Linear scanline pitch: 0x1000
00:00:15.937149 Linear display start : 0x0000
00:00:15.937150 Selected bank: 0x0000
00:00:15.937151 !!
00:00:15.937151 !! {vga}
00:00:15.937152 !!
00:00:15.937153 pixel clock: Reserved?!
00:00:15.937153 double scanning off
00:00:15.937154 double clocking off
00:00:15.937155 htotal: 1344 px (168 cclk)
00:00:15.937156 vtotal: 810 px
00:00:15.937156 hdisp : 1024 px (128 cclk)
00:00:15.937157 vdisp : 1280 px
00:00:15.937158 split : 1023 ln
00:00:15.937159 start : 0x0
00:00:15.937160 display refresh interval: 20 ms
00:00:15.937161 !!
00:00:15.937161 !! {vgaar}
00:00:15.937162 !!
00:00:15.937162 VGA Attribute Controller (3C0): index reg 20, flip-flop: 1 (data)
00:00:15.937163 Palette: 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
00:00:15.937167 AR10:41 AR11:00 AR12:0F AR13:00 AR14:00
00:00:15.937169 !!
00:00:15.937169 !! {vgacr}
00:00:15.937170 !!
00:00:15.937171 VGA CRTC (3D5): CRTC index 3D4:18
00:00:15.937171 CR00:A3 CR01:7F CR02:81 CR03:90 CR04:88 CR05:05 CR06:28 CR07:FD CR08:00 CR09:60
00:00:15.937175 CR0A:00 CR0B:00 CR0C:00 CR0D:00 CR0E:00 CR0F:00 CR10:06 CR11:0F CR12:FF CR13:40
00:00:15.937178 CR14:4F CR15:05 CR16:1A CR17:E3 CR18:FF
00:00:15.937181 !!
00:00:15.937181 !! {vgadac}
00:00:15.937181 !!
00:00:15.937182 VGA DAC contents:
00:00:15.937182 00: 00 00 00
00:00:15.937183 01: 00 00 00
00:00:15.937184 02: 00 00 00
00:00:15.937185 03: 00 00 00
00:00:15.937186 04: 00 00 00
00:00:15.937187 05: 00 00 00
00:00:15.937187 06: 00 00 00
00:00:15.937188 07: 00 00 00
00:00:15.937189 08: 00 00 00
00:00:15.937190 09: 00 00 00
00:00:15.937191 0A: 00 00 00
00:00:15.937192 0B: 00 00 00
00:00:15.937192 0C: 00 00 00
00:00:15.937193 0D: 00 00 00
00:00:15.937194 0E: 00 00 00
00:00:15.937195 0F: 00 00 00
00:00:15.937196 10: 00 00 00
00:00:15.937196 11: 00 00 00
00:00:15.937197 12: 00 00 00
00:00:15.937198 13: 00 00 00
00:00:15.937199 14: 00 00 00
00:00:15.937200 15: 00 00 00
00:00:15.937201 16: 00 00 00
00:00:15.937201 17: 00 00 00
00:00:15.937202 18: 00 00 00
00:00:15.937203 19: 00 00 00
00:00:15.937204 1A: 00 00 00
00:00:15.937205 1B: 00 00 00
00:00:15.937206 1C: 00 00 00
00:00:15.937206 1D: 00 00 00
00:00:15.937207 1E: 00 00 00
00:00:15.937208 1F: 00 00 00
00:00:15.937209 20: 00 00 00
00:00:15.937210 21: 00 00 00
00:00:15.937211 22: 00 00 00
00:00:15.937211 23: 00 00 00
00:00:15.937212 24: 00 00 00
00:00:15.937213 25: 00 00 00
00:00:15.937214 26: 00 00 00
00:00:15.937215 27: 00 00 00
00:00:15.937216 28: 00 00 00
00:00:15.937216 29: 00 00 00
00:00:15.937217 2A: 00 00 00
00:00:15.937218 2B: 00 00 00
00:00:15.937219 2C: 00 00 00
00:00:15.937220 2D: 00 00 00
00:00:15.937221 2E: 00 00 00
00:00:15.937221 2F: 00 00 00
00:00:15.937222 30: 00 00 00
00:00:15.937223 31: 00 00 00
00:00:15.937224 32: 00 00 00
00:00:15.937225 33: 00 00 00
00:00:15.937226 34: 00 00 00
00:00:15.937226 35: 00 00 00
00:00:15.937227 36: 00 00 00
00:00:15.937228 37: 00 00 00
00:00:15.937229 38: 00 00 00
00:00:15.937230 39: 00 00 00
00:00:15.937231 3A: 00 00 00
00:00:15.937231 3B: 00 00 00
00:00:15.937232 3C: 00 00 00
00:00:15.937233 3D: 00 00 00
00:00:15.937234 3E: 00 00 00
00:00:15.937235 3F: 00 00 00
00:00:15.937235 40: 00 00 00
00:00:15.937236 41: 00 00 00
00:00:15.937237 42: 00 00 00
00:00:15.937238 43: 00 00 00
00:00:15.937239 44: 00 00 00
00:00:15.937240 45: 00 00 00
00:00:15.937240 46: 00 00 00
00:00:15.937241 47: 00 00 00
00:00:15.937242 48: 00 00 00
00:00:15.937243 49: 00 00 00
00:00:15.937244 4A: 00 00 00
00:00:15.937245 4B: 00 00 00
00:00:15.937245 4C: 00 00 00
00:00:15.937246 4D: 00 00 00
00:00:15.937247 4E: 00 00 00
00:00:15.937248 4F: 00 00 00
00:00:15.937249 50: 00 00 00
00:00:15.937250 51: 00 00 00
00:00:15.937250 52: 00 00 00
00:00:15.937251 53: 00 00 00
00:00:15.937252 54: 00 00 00
00:00:15.937253 55: 00 00 00
00:00:15.937254 56: 00 00 00
00:00:15.937255 57: 00 00 00
00:00:15.937255 58: 00 00 00
00:00:15.937256 59: 00 00 00
00:00:15.937257 5A: 00 00 00
00:00:15.937258 5B: 00 00 00
00:00:15.937259 5C: 00 00 00
00:00:15.937260 5D: 00 00 00
00:00:15.937260 5E: 00 00 00
00:00:15.937261 5F: 00 00 00
00:00:15.937262 60: 00 00 00
00:00:15.937263 61: 00 00 00
00:00:15.937264 62: 00 00 00
00:00:15.937265 63: 00 00 00
00:00:15.937265 64: 00 00 00
00:00:15.937266 65: 00 00 00
00:00:15.937267 66: 00 00 00
00:00:15.937268 67: 00 00 00
00:00:15.937269 68: 00 00 00
00:00:15.937270 69: 00 00 00
00:00:15.937270 6A: 00 00 00
00:00:15.937271 6B: 00 00 00
00:00:15.937272 6C: 00 00 00
00:00:15.937273 6D: 00 00 00
00:00:15.937274 6E: 00 00 00
00:00:15.937275 6F: 00 00 00
00:00:15.937275 70: 00 00 00
00:00:15.937276 71: 00 00 00
00:00:15.937277 72: 00 00 00
00:00:15.937278 73: 00 00 00
00:00:15.937279 74: 00 00 00
00:00:15.937280 75: 00 00 00
00:00:15.937280 76: 00 00 00
00:00:15.937281 77: 00 00 00
00:00:15.937282 78: 00 00 00
00:00:15.937283 79: 00 00 00
00:00:15.937284 7A: 00 00 00
00:00:15.937285 7B: 00 00 00
00:00:15.937285 7C: 00 00 00
00:00:15.937286 7D: 00 00 00
00:00:15.937287 7E: 00 00 00
00:00:15.937288 7F: 00 00 00
00:00:15.937289 80: 00 00 00
00:00:15.937289 81: 00 00 00
00:00:15.937290 82: 00 00 00
00:00:15.937291 83: 00 00 00
00:00:15.937292 84: 00 00 00
00:00:15.937293 85: 00 00 00
00:00:15.937294 86: 00 00 00
00:00:15.937294 87: 00 00 00
00:00:15.937295 88: 00 00 00
00:00:15.937296 89: 00 00 00
00:00:15.937297 8A: 00 00 00
00:00:15.937298 8B: 00 00 00
00:00:15.937299 8C: 00 00 00
00:00:15.937299 8D: 00 00 00
00:00:15.937300 8E: 00 00 00
00:00:15.937301 8F: 00 00 00
00:00:15.937302 90: 00 00 00
00:00:15.937303 91: 00 00 00
00:00:15.937304 92: 00 00 00
00:00:15.937304 93: 00 00 00
00:00:15.937305 94: 00 00 00
00:00:15.937306 95: 00 00 00
00:00:15.937307 96: 00 00 00
00:00:15.937308 97: 00 00 00
00:00:15.937309 98: 00 00 00
00:00:15.937309 99: 00 00 00
00:00:15.937310 9A: 00 00 00
00:00:15.937311 9B: 00 00 00
00:00:15.937312 9C: 00 00 00
00:00:15.937313 9D: 00 00 00
00:00:15.937314 9E: 00 00 00
00:00:15.937314 9F: 00 00 00
00:00:15.937315 A0: 00 00 00
00:00:15.937316 A1: 00 00 00
00:00:15.937317 A2: 00 00 00
00:00:15.937318 A3: 00 00 00
00:00:15.937319 A4: 00 00 00
00:00:15.937319 A5: 00 00 00
00:00:15.937320 A6: 00 00 00
00:00:15.937321 A7: 00 00 00
00:00:15.937322 A8: 00 00 00
00:00:15.937323 A9: 00 00 00
00:00:15.937324 AA: 00 00 00
00:00:15.937324 AB: 00 00 00
00:00:15.937325 AC: 00 00 00
00:00:15.937326 AD: 00 00 00
00:00:15.937327 AE: 00 00 00
00:00:15.937328 AF: 00 00 00
00:00:15.937329 B0: 00 00 00
00:00:15.937329 B1: 00 00 00
00:00:15.937330 B2: 00 00 00
00:00:15.937331 B3: 00 00 00
00:00:15.937332 B4: 00 00 00
00:00:15.937333 B5: 00 00 00
00:00:15.937334 B6: 00 00 00
00:00:15.937334 B7: 00 00 00
00:00:15.937335 B8: 00 00 00
00:00:15.937336 B9: 00 00 00
00:00:15.937337 BA: 00 00 00
00:00:15.937338 BB: 00 00 00
00:00:15.937339 BC: 00 00 00
00:00:15.937339 BD: 00 00 00
00:00:15.937340 BE: 00 00 00
00:00:15.937341 BF: 00 00 00
00:00:15.937342 C0: 00 00 00
00:00:15.937343 C1: 00 00 00
00:00:15.937344 C2: 00 00 00
00:00:15.937344 C3: 00 00 00
00:00:15.937345 C4: 00 00 00
00:00:15.937346 C5: 00 00 00
00:00:15.937347 C6: 00 00 00
00:00:15.937348 C7: 00 00 00
00:00:15.937349 C8: 00 00 00
00:00:15.937349 C9: 00 00 00
00:00:15.937350 CA: 00 00 00
00:00:15.937351 CB: 00 00 00
00:00:15.937352 CC: 00 00 00
00:00:15.937353 CD: 00 00 00
00:00:15.937353 CE: 00 00 00
00:00:15.937354 CF: 00 00 00
00:00:15.937355 D0: 00 00 00
00:00:15.937356 D1: 00 00 00
00:00:15.937357 D2: 00 00 00
00:00:15.937358 D3: 00 00 00
00:00:15.937358 D4: 00 00 00
00:00:15.937359 D5: 00 00 00
00:00:15.937360 D6: 00 00 00
00:00:15.937361 D7: 00 00 00
00:00:15.937362 D8: 00 00 00
00:00:15.937363 D9: 00 00 00
00:00:15.937363 DA: 00 00 00
00:00:15.937364 DB: 00 00 00
00:00:15.937365 DC: 00 00 00
00:00:15.937366 DD: 00 00 00
00:00:15.937367 DE: 00 00 00
00:00:15.937368 DF: 00 00 00
00:00:15.937368 E0: 00 00 00
00:00:15.937369 E1: 00 00 00
00:00:15.937370 E2: 00 00 00
00:00:15.937371 E3: 00 00 00
00:00:15.937372 E4: 00 00 00
00:00:15.937373 E5: 00 00 00
00:00:15.937373 E6: 00 00 00
00:00:15.937374 E7: 00 00 00
00:00:15.937375 E8: 00 00 00
00:00:15.937376 E9: 00 00 00
00:00:15.937377 EA: 00 00 00
00:00:15.937378 EB: 00 00 00
00:00:15.937378 EC: 00 00 00
00:00:15.937379 ED: 00 00 00
00:00:15.937380 EE: 00 00 00
00:00:15.937381 EF: 00 00 00
00:00:15.937382 F0: 00 00 00
00:00:15.937383 F1: 00 00 00
00:00:15.937383 F2: 00 00 00
00:00:15.937384 F3: 00 00 00
00:00:15.937385 F4: 00 00 00
00:00:15.937386 F5: 00 00 00
00:00:15.937387 F6: 00 00 00
00:00:15.937388 F7: 00 00 00
00:00:15.937388 F8: 00 00 00
00:00:15.937389 F9: 00 00 00
00:00:15.937390 FA: 00 00 00
00:00:15.937391 FB: 00 00 00
00:00:15.937392 FC: 00 00 00
00:00:15.937393 FD: 00 00 00
00:00:15.937393 FE: 00 00 00
00:00:15.937394 FF: 00 00 00
00:00:15.937396 !!
00:00:15.937396 !! {vgagr}
00:00:15.937396 !!
00:00:15.937397 VGA Graphics Controller (3CF): GR index 3CE:08
00:00:15.937398 GR00:00 GR01:00 GR02:00 GR03:00 GR04:00 GR05:40 GR06:05 GR07:0F GR08:FF
00:00:15.937401 !!
00:00:15.937401 !! {vgapl}
00:00:15.937402 !!
00:00:15.937403 read mode : 0 write mode: 0
00:00:15.937403 set/reset data: 00 S/R enable: 00
00:00:15.937404 color compare : 00 read map : 0
00:00:15.937405 rotate : 0 function : 0
00:00:15.937406 don't care : 0F bit mask : FF
00:00:15.937407 seq plane mask: 0F chain-4 : on
00:00:15.937408 !!
00:00:15.937408 !! {vgasr}
00:00:15.937409 !!
00:00:15.937409 VGA Sequencer (3C5): SR index 3C4:00
00:00:15.937410 SR00:03 SR01:01 SR02:0F SR03:00 SR04:0A
00:00:15.937412 !!
00:00:15.937412 !! {vgatext}
00:00:15.937413 !!
00:00:15.937414 Not in text mode!
00:00:15.937415 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
00:00:15.937444 emR3Debug: rc=VINF_EM_TRIPLE_FAULT
00:00:16.942852 Changing the VM state from 'RUNNING' to 'GURU_MEDITATION'
00:00:16.942900 Console: Machine state changed to 'GuruMeditation'
00:00:45.589037 Console: Machine state changed to 'Stopping'
00:00:45.594577 Console::powerDown(): A request to power off the VM has been issued (mMachineState=Stopping, InUninit=0)
00:00:45.596540 Display::handleDisplayResize: uScreenId=0 pvVRAM=000000000a240000 w=1024 h=768 bpp=32 cbLine=0x1000 flags=0x1
00:00:45.596616 GUI: UIFrameBufferPrivate::NotifyChange: Screen=0, Origin=0x0, Size=1024x768, Sending to async-handler
00:00:45.603364 Changing the VM state from 'GURU_MEDITATION' to 'POWERING_OFF'
00:00:45.603418 ****************** Guest state at power off ******************
00:00:45.603426 Guest CPUM (VCPU 0) state:
00:00:45.603429 rax=0000000000000470 rbx=000000000000000e rcx=0000000000000000 rdx=ffffff80234364b0
00:00:45.603434 rsi=0000000000000008 rdi=0000000000000055 r8 =0000000000000003 r9 =0000000000000000
00:00:45.603436 r10=0000000000000001 r11=000000000000013d r12=ffffff802310bec4 r13=ffffff8023abd000
00:00:45.603438 r14=0000000000000200 r15=ffffff8023106f40
00:00:45.603440 rip=ffffff8023435d5d rsp=ffffff8023106f40 rbp=ffffff802310bf20 iopl=0 nv up di pl nz na po nc
00:00:45.603443 cs={0008 base=0000000000000000 limit=ffffffff flags=0000a09b}
00:00:45.603445 ds={0000 base=0000000000000000 limit=ffffffff flags=00000000}
00:00:45.603446 es={0000 base=0000000000000000 limit=ffffffff flags=00000000}
00:00:45.603448 fs={0000 base=0000000000000000 limit=ffffffff flags=00000000}
00:00:45.603449 gs={0000 base=ffffff8023a29dc0 limit=ffffffff flags=00000000}
00:00:45.603451 ss={0000 base=0000000000000000 limit=ffffffff flags=00004000}
00:00:45.603452 cr0=00000000c0010033 cr2=0000000000000470 cr3=00000000255e5000 cr4=0000000000000020
00:00:45.603454 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
00:00:45.603455 dr4=0000000000000000 dr5=0000000000000000 dr6=00000000ffff0ff0 dr7=0000000000000400
00:00:45.603457 gdtr=ffffff8000001000:0097 idtr=ffffff8000000000:1000 eflags=00000046
00:00:45.603460 ldtr={0030 base=ffffff8023a3b000 limit=00000017 flags=00000082}
00:00:45.603461 tr ={0040 base=ffffff8023a3a000 limit=00000067 flags=0000008b}
00:00:45.603463 SysEnter={cs=000b eip=00000000234360b0 esp=0000000023b14080}
00:00:45.603465 xcr=0000000000000001 xcr1=0000000000000000 xss=0000000000000000 (fXStateMask=0000000000000000)
00:00:45.603467 FCW=027f FSW=0000 FTW=0000 FOP=0000 MXCSR=00001f80 MXCSR_MASK=0002ffff
00:00:45.603469 FPUIP=00000000 CS=0010 Rsrvd1=0000 FPUDP=00000000 DS=002b Rsvrd2=0000
00:00:45.603470 ST(0)=FPR0={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603473 ST(1)=FPR1={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603475 ST(2)=FPR2={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603477 ST(3)=FPR3={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603479 ST(4)=FPR4={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603481 ST(5)=FPR5={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603482 ST(6)=FPR6={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603484 ST(7)=FPR7={0000'00000000'00000000} t0 +0.0000000000000000000000 ^ 0 (*)
00:00:45.603486 XMM0 =00000000'00000000'00000000'00000000 XMM1 =00000000'00000000'00000000'00000000
00:00:45.603489 XMM2 =00000000'00000000'00000000'00000000 XMM3 =00000000'00000000'00000000'00000000
00:00:45.603491 XMM4 =00000000'00000000'00000000'00000000 XMM5 =00000000'00000000'00000000'00000000
00:00:45.603494 XMM6 =00000000'00000000'00000000'00000000 XMM7 =00000000'00000000'00000000'00000000
00:00:45.603496 XMM8 =00000000'00000000'00000000'00000000 XMM9 =00000000'00000000'00000000'00000000
00:00:45.603498 XMM10=00000000'00000000'00000000'00000000 XMM11=00000000'00000000'00000000'00000000
00:00:45.603501 XMM12=00000000'00000000'00000000'00000000 XMM13=00000000'00000000'00000000'00000000
00:00:45.603503 XMM14=00000000'00000000'00000000'00000000 XMM15=00000000'00000000'00000000'00000000
00:00:45.603505 EFER =0000000000000d01
00:00:45.603506 PAT =0007040600070406
00:00:45.603507 STAR =001b000800000000
00:00:45.603508 CSTAR =0000000000000000
00:00:45.603509 LSTAR =ffffff8023436050
00:00:45.603510 SFMASK =0000000000004700
00:00:45.603511 KERNELGSBASE =ffffff8023a29dc0
00:00:45.603512 ***
00:00:45.603516 Guest paging mode: AMD64+NX (changed 5 times), A20 enabled (changed 0 times)
00:00:45.603518 Shadow paging mode: Nested
00:00:45.603519 Host paging mode: AMD64+G+NX
00:00:45.603520 ***
00:00:45.603522 Active Timers (pVM=0000000004dd0000)
00:00:45.603523 pTimerR3 offNext offPrev offSched Clock Time Expire HzHint State Description
00:00:45.603528 0000000006baae00 00017c50 00000000 00000000 Real 15974568 15974577 0 2-ACTIVE VGA Refresh Timer
00:00:45.603532 0000000006bc2a50 00000000 fffe83b0 00000000 Real 15974568 15975413 0 2-ACTIVE CPU Load Timer
00:00:45.603538 0000000006ba26b0 000005e0 00000000 00000000 VrSy 39039882972 39040930250 99 2-ACTIVE i8254 Programmable Interval Timer
00:00:45.603542 0000000006ba2c90 0001e750 fffffa20 00000000 VrSy 39039938531 39990000000 0 2-ACTIVE MC146818 RTC/CMOS - Second
00:00:45.603546 0000000006bc13e0 00000000 fffe18b0 00000000 VrSy 39039989887 599932015941 0 2-ACTIVE ACPI PM Timer
00:00:45.603550 ***
00:00:45.603553 ***
00:00:45.603554 ************** End of Guest state at power off ***************
00:00:45.614091 GUI: UIMachineView::sltHandleNotifyChange: Screen=0, Size=1024x768
00:00:45.674459 PDMR3PowerOff: 70 868 780 ns run time
00:00:45.674487 Changing the VM state from 'POWERING_OFF' to 'OFF'
00:00:45.678051 Changing the VM state from 'OFF' to 'DESTROYING'
00:00:45.678168 ************************* Statistics *************************
00:00:45.678267 /CPUM/MSR-Totals/Reads 7 times
00:00:45.678274 /CPUM/MSR-Totals/ReadsRaisingGP 0 times
00:00:45.678278 /CPUM/MSR-Totals/ReadsUnknown 0 times
00:00:45.678282 /CPUM/MSR-Totals/Writes 6 times
00:00:45.678294 /CPUM/MSR-Totals/WritesRaisingGP 2 times
00:00:45.678301 /CPUM/MSR-Totals/WritesToIgnoredBits 0 times
00:00:45.678305 /CPUM/MSR-Totals/WritesUnknown 0 times
00:00:45.678309 /Devices/E1k0/ReceiveBytes 0 bytes
00:00:45.678313 /Devices/E1k0/TransmitBytes 0 bytes
00:00:45.678317 /Devices/E1k1/ReceiveBytes 0 bytes
00:00:45.678321 /Devices/E1k1/TransmitBytes 0 bytes
00:00:45.678325 /Devices/SATA0/Port0/DMA 3390 times
00:00:45.678330 /Devices/SATA0/Port0/ReadBytes 14049792 bytes
00:00:45.678344 /Devices/VMMDev/BalloonChunks 0 count
00:00:45.678349 /Drivers/IntNet-0/BadFrames 0 count
00:00:45.678353 /Drivers/IntNet-0/Bytes/Received 1926 bytes
00:00:45.678357 /Drivers/IntNet-0/Bytes/Sent 0 bytes
00:00:45.678361 /Drivers/IntNet-0/Overflows/Recv 0 count
00:00:45.678365 /Drivers/IntNet-0/Overflows/Sent 0 count
00:00:45.678369 /Drivers/IntNet-0/Packets/Lost 0 count
00:00:45.678373 /Drivers/IntNet-0/Packets/Received 33 count
00:00:45.678377 /Drivers/IntNet-0/Packets/Received-Gso 0 count
00:00:45.678385 /Drivers/IntNet-0/Packets/Sent 0 count
00:00:45.678452 /Drivers/IntNet-0/Packets/Sent-Gso 0 count
00:00:45.678456 /Drivers/IntNet-0/Packets/Sent-R0 0 count
00:00:45.678461 /Drivers/IntNet-0/Recv1 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.678466 /Drivers/IntNet-0/Recv2 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.678471 /Drivers/IntNet-0/Reserved 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.678476 /Drivers/IntNet-0/Send1 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.678481 /Drivers/IntNet-0/Send2 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.678486 /Drivers/IntNet-0/XmitProcessRing 0 count
00:00:45.678490 /Drivers/IntNet-0/XmitWakeup-R0 0 count
00:00:45.678494 /Drivers/IntNet-0/XmitWakeup-R3 0 count
00:00:45.678498 /Drivers/IntNet-0/YieldNok 0 count
00:00:45.678502 /Drivers/IntNet-0/YieldOk 0 count
00:00:45.678507 /FT/Checkpoint/Network 0 times
00:00:45.678510 /FT/Checkpoint/Storage 0 times
00:00:45.678515 /FT/Received/Mem 0 bytes
00:00:45.678519 /FT/Received/State 0 bytes
00:00:45.678525 /FT/Sent/Mem 0 bytes
00:00:45.678530 /FT/Sent/State 0 bytes
00:00:45.678535 /FT/Sync/DeltaMem 0 times
00:00:45.678540 /FT/Sync/DeltaVM 0 times
00:00:45.678544 /FT/Sync/Full 0 times
00:00:45.678548 /GMM/VM/Allocated/cBasePages 35872 pages
00:00:45.678552 /GMM/VM/Allocated/cFixedPages 0 pages
00:00:45.678557 /GMM/VM/Allocated/cShadowPages 0 pages
00:00:45.678561 /GMM/VM/Reserved/cBasePages 524928 pages
00:00:45.678565 /GMM/VM/Reserved/cFixedPages 33796 pages
00:00:45.678569 /GMM/VM/Reserved/cShadowPages 1 pages
00:00:45.678573 /GMM/VM/cBalloonedPages 0 pages
00:00:45.678577 /GMM/VM/cMaxBalloonedPages 0 pages
00:00:45.678581 /GMM/VM/cPrivatePages 35872 pages
00:00:45.678585 /GMM/VM/cReqActuallyBalloonedPages 0 pages
00:00:45.678589 /GMM/VM/cReqBalloonedPages 0 pages
00:00:45.678593 /GMM/VM/cReqDeflatePages 0 pages
00:00:45.678597 /GMM/VM/cShareableModules 0 count
00:00:45.678601 /GMM/VM/cSharedPages 0 pages
00:00:45.678605 /GMM/VM/enmPolicy 1
00:00:45.678609 /GMM/VM/enmPriority 2
00:00:45.678615 /GMM/VM/fBallooningEnabled false
00:00:45.678622 /GMM/VM/fMayAllocate true
00:00:45.678640 /GMM/VM/fSharedPagingEnabled false
00:00:45.678645 /GMM/cAllocatedPages 35872 pages
00:00:45.678649 /GMM/cBalloonedPages 0 pages
00:00:45.678653 /GMM/cChunks 71 count
00:00:45.678657 /GMM/cDuplicatePages 0 pages
00:00:45.678661 /GMM/cFreedChunks 0 count
00:00:45.678665 /GMM/cLeftBehindSharedPages 0 pages
00:00:45.678669 /GMM/cMaxPages 4294967295 pages
00:00:45.678673 /GMM/cOverCommittedPages 0 pages
00:00:45.678677 /GMM/cReservedPages 558725 pages
00:00:45.678681 /GMM/cShareableModules 0 count
00:00:45.678685 /GMM/cSharedPages 0 pages
00:00:45.678689 /GVMM/EMTs 4 calls
00:00:45.678693 /GVMM/HostCPUs 4 calls
00:00:45.678697 /GVMM/HostCpus/0 0
00:00:45.678701 /GVMM/HostCpus/0/CurTimerHz 0 Hz
00:00:45.678705 /GVMM/HostCpus/0/DesiredHz 0 Hz
00:00:45.678709 /GVMM/HostCpus/0/PPTChanges 0 times
00:00:45.678713 /GVMM/HostCpus/0/PPTStarts 0 times
00:00:45.678717 /GVMM/HostCpus/0/idxCpuSet 0
00:00:45.678720 /GVMM/HostCpus/1 1
00:00:45.678724 /GVMM/HostCpus/1/CurTimerHz 0 Hz
00:00:45.678728 /GVMM/HostCpus/1/DesiredHz 0 Hz
00:00:45.678732 /GVMM/HostCpus/1/PPTChanges 0 times
00:00:45.678735 /GVMM/HostCpus/1/PPTStarts 0 times
00:00:45.678739 /GVMM/HostCpus/1/idxCpuSet 1
00:00:45.678743 /GVMM/HostCpus/2 2
00:00:45.678747 /GVMM/HostCpus/2/CurTimerHz 0 Hz
00:00:45.678750 /GVMM/HostCpus/2/DesiredHz 0 Hz
00:00:45.678759 /GVMM/HostCpus/2/PPTChanges 0 times
00:00:45.678763 /GVMM/HostCpus/2/PPTStarts 0 times
00:00:45.678767 /GVMM/HostCpus/2/idxCpuSet 2
00:00:45.678771 /GVMM/HostCpus/3 3
00:00:45.678774 /GVMM/HostCpus/3/CurTimerHz 0 Hz
00:00:45.678778 /GVMM/HostCpus/3/DesiredHz 0 Hz
00:00:45.678782 /GVMM/HostCpus/3/PPTChanges 0 times
00:00:45.678786 /GVMM/HostCpus/3/PPTStarts 0 times
00:00:45.678790 /GVMM/HostCpus/3/idxCpuSet 3
00:00:45.678793 /GVMM/Sum/HaltBlocking 8650 calls
00:00:45.678797 /GVMM/Sum/HaltCalls 8650 calls
00:00:45.678801 /GVMM/Sum/HaltNotBlocking 0 calls
00:00:45.678805 /GVMM/Sum/HaltTimeouts 7999 calls
00:00:45.678809 /GVMM/Sum/HaltWakeUps 0 calls
00:00:45.678813 /GVMM/Sum/PokeCalls 30 calls
00:00:45.678817 /GVMM/Sum/PokeNotBusy 8 calls
00:00:45.678821 /GVMM/Sum/PollCalls 0 calls
00:00:45.678825 /GVMM/Sum/PollHalts 0 calls
00:00:45.678829 /GVMM/Sum/PollWakeUps 0 calls
00:00:45.678833 /GVMM/Sum/WakeUpCalls 651 calls
00:00:45.678837 /GVMM/Sum/WakeUpNotHalted 200 calls
00:00:45.678841 /GVMM/Sum/WakeUpWakeUps 0 calls
00:00:45.678845 /GVMM/VM/HaltBlocking 8650 calls
00:00:45.678849 /GVMM/VM/HaltCalls 8650 calls
00:00:45.678853 /GVMM/VM/HaltNotBlocking 0 calls
00:00:45.678857 /GVMM/VM/HaltTimeouts 7999 calls
00:00:45.678861 /GVMM/VM/HaltWakeUps 0 calls
00:00:45.678865 /GVMM/VM/PokeCalls 30 calls
00:00:45.678869 /GVMM/VM/PokeNotBusy 8 calls
00:00:45.678873 /GVMM/VM/PollCalls 0 calls
00:00:45.678877 /GVMM/VM/PollHalts 0 calls
00:00:45.678881 /GVMM/VM/PollWakeUps 0 calls
00:00:45.678885 /GVMM/VM/WakeUpCalls 651 calls
00:00:45.678889 /GVMM/VM/WakeUpNotHalted 200 calls
00:00:45.678893 /GVMM/VM/WakeUpWakeUps 0 calls
00:00:45.678899 /GVMM/VMs 1 calls
00:00:45.678904 /HM/CPU0/Exit/HostNmiInGC 0 times
00:00:45.678909 /HM/CPU1/Exit/HostNmiInGC 0 times
00:00:45.678913 /HM/CPU2/Exit/HostNmiInGC 0 times
00:00:45.678917 /HM/CPU3/Exit/HostNmiInGC 0 times
00:00:45.678921 /IEM/CPU0/cInstructions 122142 count
00:00:45.678925 /IEM/CPU0/cPendingCommit 0 bytes
00:00:45.678929 /IEM/CPU0/cPotentialExits 117538 count
00:00:45.678933 /IEM/CPU0/cRetAspectNotImplemented 0 count
00:00:45.678937 /IEM/CPU0/cRetErrStatuses 0 count
00:00:45.678941 /IEM/CPU0/cRetInfStatuses 1986 count
00:00:45.678945 /IEM/CPU0/cRetInstrNotImplemented 0 count
00:00:45.678949 /IEM/CPU0/cbWritten 165960 bytes
00:00:45.678953 /IEM/CPU1/cInstructions 0 count
00:00:45.678957 /IEM/CPU1/cPendingCommit 0 bytes
00:00:45.678961 /IEM/CPU1/cPotentialExits 0 count
00:00:45.678964 /IEM/CPU1/cRetAspectNotImplemented 0 count
00:00:45.678968 /IEM/CPU1/cRetErrStatuses 0 count
00:00:45.678972 /IEM/CPU1/cRetInfStatuses 0 count
00:00:45.678976 /IEM/CPU1/cRetInstrNotImplemented 0 count
00:00:45.678980 /IEM/CPU1/cbWritten 0 bytes
00:00:45.678984 /IEM/CPU2/cInstructions 0 count
00:00:45.678988 /IEM/CPU2/cPendingCommit 0 bytes
00:00:45.678992 /IEM/CPU2/cPotentialExits 0 count
00:00:45.678996 /IEM/CPU2/cRetAspectNotImplemented 0 count
00:00:45.679000 /IEM/CPU2/cRetErrStatuses 0 count
00:00:45.679003 /IEM/CPU2/cRetInfStatuses 0 count
00:00:45.679007 /IEM/CPU2/cRetInstrNotImplemented 0 count
00:00:45.679011 /IEM/CPU2/cbWritten 0 bytes
00:00:45.679015 /IEM/CPU3/cInstructions 0 count
00:00:45.679019 /IEM/CPU3/cPendingCommit 0 bytes
00:00:45.679023 /IEM/CPU3/cPotentialExits 0 count
00:00:45.679027 /IEM/CPU3/cRetAspectNotImplemented 0 count
00:00:45.679031 /IEM/CPU3/cRetErrStatuses 0 count
00:00:45.679034 /IEM/CPU3/cRetInfStatuses 0 count
00:00:45.679038 /IEM/CPU3/cRetInstrNotImplemented 0 count
00:00:45.679042 /IEM/CPU3/cbWritten 0 bytes
00:00:45.679046 /MM/HyperHeap/cbFree 1807312 bytes
00:00:45.679050 /MM/HyperHeap/cbHeap 2358976 bytes
00:00:45.679055 /PDM/BlkCache/cbCached 0 bytes
00:00:45.679059 /PDM/BlkCache/cbCachedFru 0 bytes
00:00:45.679062 /PDM/BlkCache/cbCachedMruIn 0 bytes
00:00:45.679068 /PDM/BlkCache/cbCachedMruOut 0 bytes
00:00:45.679072 /PDM/BlkCache/cbMax 5242880 bytes
00:00:45.679076 /PDM/CritSects/8237A#0Auto/ContentionR3 0 times
00:00:45.679082 /PDM/CritSects/8237A#0Auto/ContentionRZLock 0 times
00:00:45.679087 /PDM/CritSects/8237A#0Auto/ContentionRZUnlock 0 times
00:00:45.679091 /PDM/CritSects/AHCI#0/ContentionR3 0 times
00:00:45.679095 /PDM/CritSects/AHCI#0/ContentionRZLock 0 times
00:00:45.679100 /PDM/CritSects/AHCI#0/ContentionRZUnlock 0 times
00:00:45.679104 /PDM/CritSects/E1000#0/ContentionR3 0 times
00:00:45.679108 /PDM/CritSects/E1000#0/ContentionRZLock 0 times
00:00:45.679112 /PDM/CritSects/E1000#0/ContentionRZUnlock 0 times
00:00:45.679118 /PDM/CritSects/E1000#0RX/ContentionR3 0 times
00:00:45.679122 /PDM/CritSects/E1000#0RX/ContentionRZLock 0 times
00:00:45.679161 /PDM/CritSects/E1000#0RX/ContentionRZUnlock 0 times
00:00:45.679167 /PDM/CritSects/E1000#0TX/ContentionR3 0 times
00:00:45.679172 /PDM/CritSects/E1000#0TX/ContentionRZLock 0 times
00:00:45.679176 /PDM/CritSects/E1000#0TX/ContentionRZUnlock 0 times
00:00:45.679180 /PDM/CritSects/E1000#1/ContentionR3 0 times
00:00:45.679184 /PDM/CritSects/E1000#1/ContentionRZLock 0 times
00:00:45.679195 /PDM/CritSects/E1000#1/ContentionRZUnlock 0 times
00:00:45.679204 /PDM/CritSects/E1000#1RX/ContentionR3 0 times
00:00:45.679208 /PDM/CritSects/E1000#1RX/ContentionRZLock 0 times
00:00:45.679212 /PDM/CritSects/E1000#1RX/ContentionRZUnlock 0 times
00:00:45.679216 /PDM/CritSects/E1000#1TX/ContentionR3 0 times
00:00:45.679219 /PDM/CritSects/E1000#1TX/ContentionRZLock 0 times
00:00:45.679223 /PDM/CritSects/E1000#1TX/ContentionRZUnlock 0 times
00:00:45.679227 /PDM/CritSects/EM-REM/ContentionR3 0 times
00:00:45.679231 /PDM/CritSects/EM-REM/ContentionRZLock 0 times
00:00:45.679235 /PDM/CritSects/EM-REM/ContentionRZUnlock 0 times
00:00:45.679239 /PDM/CritSects/FTM/ContentionR3 0 times
00:00:45.679243 /PDM/CritSects/FTM/ContentionRZLock 0 times
00:00:45.679247 /PDM/CritSects/FTM/ContentionRZUnlock 0 times
00:00:45.679264 /PDM/CritSects/GIMDev#0Auto/ContentionR3 0 times
00:00:45.679268 /PDM/CritSects/GIMDev#0Auto/ContentionRZLock 0 times
00:00:45.679272 /PDM/CritSects/GIMDev#0Auto/ContentionRZUnlock 0 times
00:00:45.679276 /PDM/CritSects/HPET/ContentionR3 0 times
00:00:45.679279 /PDM/CritSects/HPET/ContentionRZLock 0 times
00:00:45.679283 /PDM/CritSects/HPET/ContentionRZUnlock 0 times
00:00:45.679287 /PDM/CritSects/IntNetXmit_0/ContentionR3 0 times
00:00:45.679291 /PDM/CritSects/IntNetXmit_0/ContentionRZLock 0 times
00:00:45.679295 /PDM/CritSects/IntNetXmit_0/ContentionRZUnlock 0 times
00:00:45.679298 /PDM/CritSects/MM-HYPER/ContentionR3 0 times
00:00:45.679302 /PDM/CritSects/MM-HYPER/ContentionRZLock 0 times
00:00:45.679306 /PDM/CritSects/MM-HYPER/ContentionRZUnlock 0 times
00:00:45.679310 /PDM/CritSects/NOP/ContentionR3 0 times
00:00:45.679314 /PDM/CritSects/NOP/ContentionRZLock 0 times
00:00:45.679318 /PDM/CritSects/NOP/ContentionRZUnlock 0 times
00:00:45.679321 /PDM/CritSects/OHCI#0Irq/ContentionR3 0 times
00:00:45.679326 /PDM/CritSects/OHCI#0Irq/ContentionRZLock 0 times
00:00:45.679329 /PDM/CritSects/OHCI#0Irq/ContentionRZUnlock 0 times
00:00:45.679333 /PDM/CritSects/PDM/ContentionR3 0 times
00:00:45.679337 /PDM/CritSects/PDM/ContentionRZLock 5 times
00:00:45.679341 /PDM/CritSects/PDM/ContentionRZUnlock 0 times
00:00:45.679345 /PDM/CritSects/PGM/ContentionR3 0 times
00:00:45.679349 /PDM/CritSects/PGM/ContentionRZLock 21 times
00:00:45.679353 /PDM/CritSects/PGM/ContentionRZUnlock 0 times
00:00:45.679357 /PDM/CritSects/REM-Register/ContentionR3 0 times
00:00:45.679361 /PDM/CritSects/REM-Register/ContentionRZLock 0 times
00:00:45.679365 /PDM/CritSects/REM-Register/ContentionRZUnlock 0 times
00:00:45.679369 /PDM/CritSects/TM Timer Lock/ContentionR3 0 times
00:00:45.679373 /PDM/CritSects/TM Timer Lock/ContentionRZLock 0 times
00:00:45.679377 /PDM/CritSects/TM Timer Lock/ContentionRZUnlock 0 times
00:00:45.679380 /PDM/CritSects/TM VirtualSync Lock/ContentionR3 0 times
00:00:45.679384 /PDM/CritSects/TM VirtualSync Lock/ContentionRZLock 138 times
00:00:45.679388 /PDM/CritSects/TM VirtualSync Lock/ContentionRZUnlock 0 times
00:00:45.679393 /PDM/CritSects/VGA#0/ContentionR3 0 times
00:00:45.679396 /PDM/CritSects/VGA#0/ContentionRZLock 2 times
00:00:45.679400 /PDM/CritSects/VGA#0/ContentionRZUnlock 0 times
00:00:45.679404 /PDM/CritSects/VMMDev#0/ContentionR3 0 times
00:00:45.679408 /PDM/CritSects/VMMDev#0/ContentionRZLock 0 times
00:00:45.679412 /PDM/CritSects/VMMDev#0/ContentionRZUnlock 0 times
00:00:45.679416 /PDM/CritSects/acpi#0/ContentionR3 0 times
00:00:45.679420 /PDM/CritSects/acpi#0/ContentionRZLock 0 times
00:00:45.679424 /PDM/CritSects/acpi#0/ContentionRZUnlock 0 times
00:00:45.679428 /PDM/CritSects/efi#0Auto/ContentionR3 0 times
00:00:45.679432 /PDM/CritSects/efi#0Auto/ContentionRZLock 0 times
00:00:45.679438 /PDM/CritSects/efi#0Auto/ContentionRZUnlock 0 times
00:00:45.679443 /PDM/CritSects/ich9pci#0Auto/ContentionR3 0 times
00:00:45.679448 /PDM/CritSects/ich9pci#0Auto/ContentionRZLock 0 times
00:00:45.679452 /PDM/CritSects/ich9pci#0Auto/ContentionRZUnlock 0 times
00:00:45.679455 /PDM/CritSects/lpc#0Auto/ContentionR3 0 times
00:00:45.679459 /PDM/CritSects/lpc#0Auto/ContentionRZLock 0 times
00:00:45.679463 /PDM/CritSects/lpc#0Auto/ContentionRZUnlock 0 times
00:00:45.679467 /PDM/CritSects/mc146818#0Auto/ContentionR3 0 times
00:00:45.679471 /PDM/CritSects/mc146818#0Auto/ContentionRZLock 0 times
00:00:45.679475 /PDM/CritSects/mc146818#0Auto/ContentionRZUnlock 0 times
00:00:45.679479 /PDM/CritSects/pcarch#0Auto/ContentionR3 0 times
00:00:45.679482 /PDM/CritSects/pcarch#0Auto/ContentionRZLock 0 times
00:00:45.679486 /PDM/CritSects/pcarch#0Auto/ContentionRZUnlock 0 times
00:00:45.679490 /PDM/CritSects/pckbd#0Auto/ContentionR3 0 times
00:00:45.679494 /PDM/CritSects/pckbd#0Auto/ContentionRZLock 0 times
00:00:45.679498 /PDM/CritSects/pckbd#0Auto/ContentionRZUnlock 0 times
00:00:45.679502 /PDM/CritSects/pit#0/ContentionR3 0 times
00:00:45.679505 /PDM/CritSects/pit#0/ContentionRZLock 0 times
00:00:45.679509 /PDM/CritSects/pit#0/ContentionRZUnlock 0 times
00:00:45.679513 /PDM/CritSects/smc#0Auto/ContentionR3 0 times
00:00:45.679517 /PDM/CritSects/smc#0Auto/ContentionRZLock 0 times
00:00:45.679521 /PDM/CritSects/smc#0Auto/ContentionRZUnlock 0 times
00:00:45.679524 /PDM/CritSects/usb-ohci#0Auto/ContentionR3 0 times
00:00:45.679528 /PDM/CritSects/usb-ohci#0Auto/ContentionRZLock 0 times
00:00:45.679532 /PDM/CritSects/usb-ohci#0Auto/ContentionRZUnlock 0 times
00:00:45.679536 /PDM/CritSectsRw/IOM Lock/ContentionR3EnterExcl 0 times
00:00:45.679539 /PDM/CritSectsRw/IOM Lock/ContentionR3EnterShared 0 times
00:00:45.679543 /PDM/CritSectsRw/IOM Lock/ContentionRZEnterExcl 0 times
00:00:45.679547 /PDM/CritSectsRw/IOM Lock/ContentionRZEnterShared 0 times
00:00:45.679551 /PDM/CritSectsRw/IOM Lock/ContentionRZLeaveExcl 0 times
00:00:45.679555 /PDM/CritSectsRw/IOM Lock/ContentionRZLeaveShared 0 times
00:00:45.679559 /PDM/CritSectsRw/IOM Lock/R3EnterExcl 300 times
00:00:45.679562 /PDM/CritSectsRw/IOM Lock/R3EnterShared 25688 times
00:00:45.679566 /PDM/CritSectsRw/IOM Lock/RZEnterExcl 0 times
00:00:45.679570 /PDM/CritSectsRw/IOM Lock/RZEnterShared 4009017 times
00:00:45.679574 /PDM/Queue/AHCI-Xmit/AllocFailures 0 times
00:00:45.679578 /PDM/Queue/AHCI-Xmit/Flush 0 calls
00:00:45.679582 /PDM/Queue/AHCI-Xmit/FlushLeftovers 0 times
00:00:45.679586 /PDM/Queue/AHCI-Xmit/Insert 0 calls
00:00:45.679590 /PDM/Queue/AHCI-Xmit/cItems 60 count
00:00:45.679594 /PDM/Queue/AHCI-Xmit/cbItem 32 bytes
00:00:45.679598 /PDM/Queue/DevHlp/AllocFailures 0 times
00:00:45.679602 /PDM/Queue/DevHlp/Flush 0 calls
00:00:45.679606 /PDM/Queue/DevHlp/FlushLeftovers 0 times
00:00:45.679610 /PDM/Queue/DevHlp/Insert 0 calls
00:00:45.679614 /PDM/Queue/DevHlp/cItems 8 count
00:00:45.679618 /PDM/Queue/DevHlp/cbItem 56 bytes
00:00:45.679622 /PDM/Queue/E1000-Rcv/AllocFailures 0 times
00:00:45.679626 /PDM/Queue/E1000-Rcv/Flush 0 calls
00:00:45.679630 /PDM/Queue/E1000-Rcv/FlushLeftovers 0 times
00:00:45.679634 /PDM/Queue/E1000-Rcv/Insert 0 calls
00:00:45.679637 /PDM/Queue/E1000-Rcv/cItems 1 count
00:00:45.679641 /PDM/Queue/E1000-Rcv/cbItem 24 bytes
00:00:45.679645 /PDM/Queue/E1000-Rcv_1/AllocFailures 0 times
00:00:45.679649 /PDM/Queue/E1000-Rcv_1/Flush 0 calls
00:00:45.679653 /PDM/Queue/E1000-Rcv_1/FlushLeftovers 0 times
00:00:45.679658 /PDM/Queue/E1000-Rcv_1/Insert 0 calls
00:00:45.679663 /PDM/Queue/E1000-Rcv_1/cItems 1 count
00:00:45.679667 /PDM/Queue/E1000-Rcv_1/cbItem 24 bytes
00:00:45.679671 /PDM/Queue/E1000-Xmit/AllocFailures 0 times
00:00:45.679675 /PDM/Queue/E1000-Xmit/Flush 0 calls
00:00:45.679679 /PDM/Queue/E1000-Xmit/FlushLeftovers 0 times
00:00:45.679682 /PDM/Queue/E1000-Xmit/Insert 0 calls
00:00:45.679686 /PDM/Queue/E1000-Xmit/cItems 1 count
00:00:45.679690 /PDM/Queue/E1000-Xmit/cbItem 24 bytes
00:00:45.679694 /PDM/Queue/E1000-Xmit_1/AllocFailures 0 times
00:00:45.679698 /PDM/Queue/E1000-Xmit_1/Flush 0 calls
00:00:45.679701 /PDM/Queue/E1000-Xmit_1/FlushLeftovers 0 times
00:00:45.679705 /PDM/Queue/E1000-Xmit_1/Insert 0 calls
00:00:45.679709 /PDM/Queue/E1000-Xmit_1/cItems 1 count
00:00:45.679713 /PDM/Queue/E1000-Xmit_1/cbItem 24 bytes
00:00:45.679717 /PDM/Queue/Keyboard/AllocFailures 0 times
00:00:45.679721 /PDM/Queue/Keyboard/Flush 0 calls
00:00:45.679725 /PDM/Queue/Keyboard/FlushLeftovers 0 times
00:00:45.679728 /PDM/Queue/Keyboard/Insert 0 calls
00:00:45.679732 /PDM/Queue/Keyboard/cItems 64 count
00:00:45.679736 /PDM/Queue/Keyboard/cbItem 32 bytes
00:00:45.679740 /PDM/Queue/Keyboard_1/AllocFailures 0 times
00:00:45.679744 /PDM/Queue/Keyboard_1/Flush 0 calls
00:00:45.679748 /PDM/Queue/Keyboard_1/FlushLeftovers 0 times
00:00:45.679764 /PDM/Queue/Keyboard_1/Insert 0 calls
00:00:45.679768 /PDM/Queue/Keyboard_1/cItems 64 count
00:00:45.679771 /PDM/Queue/Keyboard_1/cbItem 32 bytes
00:00:45.679775 /PDM/Queue/Mouse/AllocFailures 0 times
00:00:45.679779 /PDM/Queue/Mouse/Flush 0 calls
00:00:45.679783 /PDM/Queue/Mouse/FlushLeftovers 0 times
00:00:45.679787 /PDM/Queue/Mouse/Insert 0 calls
00:00:45.679829 /PDM/Queue/Mouse/cItems 128 count
00:00:45.679843 /PDM/Queue/Mouse/cbItem 48 bytes
00:00:45.679849 /PDM/Queue/Mouse_1/AllocFailures 0 times
00:00:45.679854 /PDM/Queue/Mouse_1/Flush 0 calls
00:00:45.679859 /PDM/Queue/Mouse_1/FlushLeftovers 0 times
00:00:45.679863 /PDM/Queue/Mouse_1/Insert 0 calls
00:00:45.679867 /PDM/Queue/Mouse_1/cItems 128 count
00:00:45.679871 /PDM/Queue/Mouse_1/cbItem 48 bytes
00:00:45.679876 /PGM/CPU0/cA20Changes 0 times
00:00:45.679880 /PGM/CPU0/cGuestModeChanges 5 times
00:00:45.679884 /PGM/CPU1/cA20Changes 0 times
00:00:45.679888 /PGM/CPU1/cGuestModeChanges 1 times
00:00:45.679892 /PGM/CPU2/cA20Changes 0 times
00:00:45.679896 /PGM/CPU2/cGuestModeChanges 1 times
00:00:45.679900 /PGM/CPU3/cA20Changes 0 times
00:00:45.679904 /PGM/CPU3/cGuestModeChanges 1 times
00:00:45.679908 /PGM/ChunkR3Map/Mapped 71 count
00:00:45.679912 /PGM/ChunkR3Map/Unmapped 0 count
00:00:45.679916 /PGM/ChunkR3Map/c 71 count
00:00:45.679920 /PGM/ChunkR3Map/cMax 4294967295 count
00:00:45.679924 /PGM/LargePage/Recheck 0 times
00:00:45.679928 /PGM/LargePage/Refused 0 times
00:00:45.679932 /PGM/LargePage/Reused 0 times
00:00:45.679939 /PGM/Page/cAllPages 575054 count
00:00:45.679943 /PGM/Page/cBalloonedPages 0 count
00:00:45.679947 /PGM/Page/cHandyPages 64 count
00:00:45.679951 /PGM/Page/cLargePages 0 count
00:00:45.679955 /PGM/Page/cLargePagesDisabled 0 count
00:00:45.679959 /PGM/Page/cMonitoredPages 0 count
00:00:45.679963 /PGM/Page/cPrivatePages 69604 count
00:00:45.679967 /PGM/Page/cPureMmioPages 16458 count
00:00:45.679971 /PGM/Page/cReadLockedPages 0 count
00:00:45.679983 /PGM/Page/cReusedSharedPages 0 count
00:00:45.679991 /PGM/Page/cSharedPages 0 count
00:00:45.679995 /PGM/Page/cWriteLockedPages 0 count
00:00:45.680000 /PGM/Page/cWrittenToPages 0 count
00:00:45.680003 /PGM/Page/cZeroPages 488992 count
00:00:45.680008 /PGM/ShMod/Check 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680013 /PGM/cRelocations 0 times
00:00:45.680017 /PROF/CPU0/EM/Capped 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680022 /PROF/CPU0/EM/ForcedActions 1516 times
00:00:45.680026 /PROF/CPU0/EM/Halted 0 times
00:00:45.680030 /PROF/CPU0/EM/RAWTotal 0 times
00:00:45.680034 /PROF/CPU0/EM/REMTotal 0 times
00:00:45.680038 /PROF/CPU0/EM/Total 31141602674 ticks/call ( 31141602674 ticks, 1 times, max 31141602674, min 31141602674)
00:00:45.680044 /PROF/CPU0/VM/Halt/Block 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680049 /PROF/CPU0/VM/Halt/BlockInsomnia 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680054 /PROF/CPU0/VM/Halt/BlockOnTime 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680059 /PROF/CPU0/VM/Halt/BlockOverslept 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680064 /PROF/CPU0/VM/Halt/Timers 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680068 /PROF/CPU0/VM/Halt/Yield 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680073 /PROF/CPU1/EM/Capped 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680077 /PROF/CPU1/EM/ForcedActions 15 times
00:00:45.680081 /PROF/CPU1/EM/Halted 15 times
00:00:45.680085 /PROF/CPU1/EM/RAWTotal 0 times
00:00:45.680089 /PROF/CPU1/EM/REMTotal 0 times
00:00:45.680093 /PROF/CPU1/EM/Total 117341478950 ticks/call (117341478950 ticks, 1 times, max 117341478950, min 117341478950)
00:00:45.680099 /PROF/CPU1/VM/Halt/Block 406299869 ns/call ( 39004787450 ticks, 96 times, max 501795361, min 22897)
00:00:45.680105 /PROF/CPU1/VM/Halt/BlockInsomnia 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680110 /PROF/CPU1/VM/Halt/BlockOnTime 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680114 /PROF/CPU1/VM/Halt/BlockOverslept 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680119 /PROF/CPU1/VM/Halt/Timers 1704 ns/call ( 189162 ticks, 111 times, max 3017, min 105)
00:00:45.680124 /PROF/CPU1/VM/Halt/Yield 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680128 /PROF/CPU2/EM/Capped 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680133 /PROF/CPU2/EM/ForcedActions 14 times
00:00:45.680137 /PROF/CPU2/EM/Halted 14 times
00:00:45.680141 /PROF/CPU2/EM/RAWTotal 0 times
00:00:45.680145 /PROF/CPU2/EM/REMTotal 0 times
00:00:45.680149 /PROF/CPU2/EM/Total 117341439378 ticks/call (117341439378 ticks, 1 times, max 117341439378, min 117341439378)
00:00:45.680156 /PROF/CPU2/VM/Halt/Block 410578942 ns/call ( 39004999509 ticks, 95 times, max 501088927, min 228206)
00:00:45.680161 /PROF/CPU2/VM/Halt/BlockInsomnia 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680166 /PROF/CPU2/VM/Halt/BlockOnTime 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680172 /PROF/CPU2/VM/Halt/BlockOverslept 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680178 /PROF/CPU2/VM/Halt/Timers 1871 ns/call ( 204005 ticks, 109 times, max 3350, min 114)
00:00:45.680183 /PROF/CPU2/VM/Halt/Yield 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680188 /PROF/CPU3/EM/Capped 0 ticks/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680192 /PROF/CPU3/EM/ForcedActions 24 times
00:00:45.680196 /PROF/CPU3/EM/Halted 23 times
00:00:45.680201 /PROF/CPU3/EM/RAWTotal 0 times
00:00:45.680205 /PROF/CPU3/EM/REMTotal 0 times
00:00:45.680209 /PROF/CPU3/EM/Total 117340994468 ticks/call (117340994468 ticks, 1 times, max 117340994468, min 117340994468)
00:00:45.680215 /PROF/CPU3/VM/Halt/Block 4612134 ns/call ( 38824951325 ticks, 8418 times, max 39694299, min 5838)
00:00:45.680221 /PROF/CPU3/VM/Halt/BlockInsomnia 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680225 /PROF/CPU3/VM/Halt/BlockOnTime 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680230 /PROF/CPU3/VM/Halt/BlockOverslept 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680234 /PROF/CPU3/VM/Halt/Timers 18894 ns/call ( 166918082 ticks, 8834 times, max 15363683, min 2)
00:00:45.680239 /PROF/CPU3/VM/Halt/Yield 0 ns/call ( 0 ticks, 0 times, max 0, min -1)
00:00:45.680244 /Public/Net/E1k0/BytesReceived 0 bytes
00:00:45.680248 /Public/Net/E1k0/BytesTransmitted 0 bytes
00:00:45.680253 /Public/Net/E1k1/BytesReceived 0 bytes
00:00:45.680257 /Public/Net/E1k1/BytesTransmitted 0 bytes
00:00:45.680261 /REM/TbFlushCount 0 times
00:00:45.680265 /REM/TbPhysInvldCount 0 times
00:00:45.680269 /REM/TlbFlushCount 1 times
00:00:45.680273 /SELM/LoadHidSel/GstReadErrors 0 times
00:00:45.680277 /SELM/LoadHidSel/NoGoodGuest 0 times
00:00:45.680281 /TM/CPU/00/cNsExecuting 4554737833 ns
00:00:45.680285 /TM/CPU/00/cNsHalted 0 ns
00:00:45.680289 /TM/CPU/00/cNsOther 4815596643 ns
00:00:45.680293 /TM/CPU/00/cNsTotal 9370334476 ns
00:00:45.680298 /TM/CPU/00/cPeriodsExecuting 3906434 count
00:00:45.680301 /TM/CPU/00/cPeriodsHalted 0 count
00:00:45.680305 /TM/CPU/00/pctExecuting 0 %
00:00:45.680309 /TM/CPU/00/pctHalted 100 %
00:00:45.680313 /TM/CPU/00/pctOther 0 %
00:00:45.680317 /TM/CPU/01/cNsExecuting 0 ns
00:00:45.680321 /TM/CPU/01/cNsHalted 39005243813 ns
00:00:45.680325 /TM/CPU/01/cNsOther 106855972 ns
00:00:45.680329 /TM/CPU/01/cNsTotal 39112099785 ns
00:00:45.680333 /TM/CPU/01/cPeriodsExecuting 0 count
00:00:45.680337 /TM/CPU/01/cPeriodsHalted 15 count
00:00:45.680341 /TM/CPU/01/pctExecuting 0 %
00:00:45.680345 /TM/CPU/01/pctHalted 100 %
00:00:45.680349 /TM/CPU/01/pctOther 0 %
00:00:45.680353 /TM/CPU/02/cNsExecuting 0 ns
00:00:45.680357 /TM/CPU/02/cNsHalted 39005578394 ns
00:00:45.680361 /TM/CPU/02/cNsOther 106505667 ns
00:00:45.680365 /TM/CPU/02/cNsTotal 39112084061 ns
00:00:45.680369 /TM/CPU/02/cPeriodsExecuting 0 count
00:00:45.680373 /TM/CPU/02/cPeriodsHalted 14 count
00:00:45.680377 /TM/CPU/02/pctExecuting 0 %
00:00:45.680381 /TM/CPU/02/pctHalted 100 %
00:00:45.680385 /TM/CPU/02/pctOther 0 %
00:00:45.680389 /TM/CPU/03/cNsExecuting 0 ns
00:00:45.680395 /TM/CPU/03/cNsHalted 39004829411 ns
00:00:45.680400 /TM/CPU/03/cNsOther 107106192 ns
00:00:45.680404 /TM/CPU/03/cNsTotal 39111935603 ns
00:00:45.680408 /TM/CPU/03/cPeriodsExecuting 0 count
00:00:45.680412 /TM/CPU/03/cPeriodsHalted 23 count
00:00:45.680416 /TM/CPU/03/pctExecuting 0 %
00:00:45.680420 /TM/CPU/03/pctHalted 100 %
00:00:45.680423 /TM/CPU/03/pctOther 0 %
00:00:45.680427 /TM/CPU/pctExecuting 0 %
00:00:45.680431 /TM/CPU/pctHalted 100 %
00:00:45.680435 /TM/CPU/pctOther 0 %
00:00:45.680439 /TM/MaxHzHint 0 Hz
00:00:45.680443 /TM/R0/1nsSteps 1358 times
00:00:45.680447 /TM/R3/1nsSteps 1324 times
00:00:45.680451 /TM/TSC/offCPU0 0 ticks
00:00:45.680456 /TM/TSC/offCPU1 0 ticks
00:00:45.680460 /TM/TSC/offCPU2 0 ticks
00:00:45.680464 /TM/TSC/offCPU3 0 ticks
00:00:45.680468 /TM/VirtualSync/CurrentOffset 902432 ns
00:00:45.680472 /VUSB/0/cUrbsInPool 0 count
00:00:45.680478 ********************* End of statistics **********************
00:00:45.680578 VUSB: Detached 'HidKeyboard' from port 1
00:00:45.680702 VUSB: Detached 'HidMouse' from port 2
00:00:45.700805 NAT: zone(nm:mbuf_cluster, used:0)
00:00:45.701734 NAT: zone(nm:mbuf_packet, used:0)
00:00:45.701761 NAT: zone(nm:mbuf, used:0)
00:00:45.702023 NAT: zone(nm:mbuf_jumbo_pagesize, used:0)
00:00:45.702487 NAT: zone(nm:mbuf_jumbo_9k, used:0)
00:00:45.702743 NAT: zone(nm:mbuf_jumbo_16k, used:0)
00:00:45.702891 NAT: zone(nm:mbuf_ext_refcnt, used:0)
00:00:45.710500 Changing the VM state from 'DESTROYING' to 'TERMINATED'
00:00:45.822307 Console: Machine state changed to 'PoweredOff'
Raw
VBoxStartup.log
b4fc.b540: Log file opened: 5.0.0r101573 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa0280000
b4fc.b540: \SystemRoot\System32\ntdll.dll:
b4fc.b540: CreationTime: 2015-07-31T16:13:55.284543100Z
b4fc.b540: LastWriteTime: 2015-07-17T04:17:52.864363800Z
b4fc.b540: ChangeTime: 2015-07-31T16:44:38.894921100Z
b4fc.b540: FileAttributes: 0x20
b4fc.b540: Size: 0x1bce48
b4fc.b540: NT Headers: 0xd8
b4fc.b540: Timestamp: 0x55a864a2
b4fc.b540: Machine: 0x8664 - amd64
b4fc.b540: Timestamp: 0x55a864a2
b4fc.b540: Image Version: 10.0
b4fc.b540: SizeOfImage: 0x1c1000 (1839104)
b4fc.b540: Resource Dir: 0x15a000 LB 0x65720
b4fc.b540: ProductName: Microsoft® Windows® Operating System
b4fc.b540: ProductVersion: 10.0.10240.16392
b4fc.b540: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
b4fc.b540: FileDescription: NT Layer DLL
b4fc.b540: \SystemRoot\System32\kernel32.dll:
b4fc.b540: CreationTime: 2015-07-10T10:59:59.699781600Z
b4fc.b540: LastWriteTime: 2015-07-10T10:59:59.699781600Z
b4fc.b540: ChangeTime: 2015-08-01T06:57:07.780407200Z
b4fc.b540: FileAttributes: 0x20
b4fc.b540: Size: 0xab830
b4fc.b540: NT Headers: 0xf0
b4fc.b540: Timestamp: 0x559f38ad
b4fc.b540: Machine: 0x8664 - amd64
b4fc.b540: Timestamp: 0x559f38ad
b4fc.b540: Image Version: 10.0
b4fc.b540: SizeOfImage: 0xad000 (708608)
b4fc.b540: Resource Dir: 0xab000 LB 0x518
b4fc.b540: ProductName: Microsoft® Windows® Operating System
b4fc.b540: ProductVersion: 10.0.10240.16384
b4fc.b540: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b4fc.b540: FileDescription: Windows NT BASE API Client DLL
b4fc.b540: \SystemRoot\System32\KernelBase.dll:
b4fc.b540: CreationTime: 2015-07-10T11:00:10.325689700Z
b4fc.b540: LastWriteTime: 2015-07-10T11:00:10.325689700Z
b4fc.b540: ChangeTime: 2015-08-01T06:57:09.217910300Z
b4fc.b540: FileAttributes: 0x20
b4fc.b540: Size: 0x1dc680
b4fc.b540: NT Headers: 0x100
b4fc.b540: Timestamp: 0x559f38c3
b4fc.b540: Machine: 0x8664 - amd64
b4fc.b540: Timestamp: 0x559f38c3
b4fc.b540: Image Version: 10.0
b4fc.b540: SizeOfImage: 0x1dd000 (1953792)
b4fc.b540: Resource Dir: 0x1c7000 LB 0x530
b4fc.b540: ProductName: Microsoft® Windows® Operating System
b4fc.b540: ProductVersion: 10.0.10240.16384
b4fc.b540: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b4fc.b540: FileDescription: Windows NT BASE API Client DLL
b4fc.b540: \SystemRoot\System32\apisetschema.dll:
b4fc.b540: CreationTime: 2015-07-10T11:00:04.872098600Z
b4fc.b540: LastWriteTime: 2015-07-10T11:00:04.872098600Z
b4fc.b540: ChangeTime: 2015-07-31T15:49:15.444515700Z
b4fc.b540: FileAttributes: 0x20
b4fc.b540: Size: 0x16760
b4fc.b540: NT Headers: 0xc8
b4fc.b540: Timestamp: 0x559f3e3d
b4fc.b540: Machine: 0x8664 - amd64
b4fc.b540: Timestamp: 0x559f3e3d
b4fc.b540: Image Version: 10.0
b4fc.b540: SizeOfImage: 0x17000 (94208)
b4fc.b540: Resource Dir: 0x16000 LB 0x3f0
b4fc.b540: ProductName: Microsoft® Windows® Operating System
b4fc.b540: ProductVersion: 10.0.10240.16384
b4fc.b540: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b4fc.b540: FileDescription: ApiSet Schema DLL
b4fc.b540: supR3HardenedWinFindAdversaries: 0x0
b4fc.b540: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b4fc.b540: Calling main()
b4fc.b540: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
b4fc.b540: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b4fc.b540: SUPR3HardenedMain: Respawn #1
b4fc.b540: System32: \Device\HarddiskVolume9\Windows\System32
b4fc.b540: WinSxS: \Device\HarddiskVolume9\Windows\WinSxS
b4fc.b540: KnownDllPath: C:\Windows\system32
b4fc.b540: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b4fc.b540: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe)
b4fc.b540: supR3HardNtEnableThreadCreation:
b4fc.b540: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff91b11fb70 pvNtTerminateThread=00007ff91b143a20
b4fc.b540: supR3HardenedWinDoReSpawn(1): New child b50c.b544 [kernel32].
b4fc.b540: supR3HardNtChildGatherData: PebBaseAddress=00007ff77c49e000 cbPeb=0x388
b4fc.b540: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff91b0b0000 uNtDllChildAddr=00007ff91b0b0000
b4fc.b540: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff91b11fb70
b4fc.b540: supR3HardenedWinSetupChildInit: Start child.
b4fc.b540: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
b4fc.b540: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 29 sleeps
b4fc.b540: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
b4fc.b540: *0000000000000000-ffffffffffe9ffff 0x0001/0x0000 0x0000000
b4fc.b540: *0000000000160000-000000000013ffff 0x0004/0x0004 0x0020000
b4fc.b540: *0000000000180000-000000000016bfff 0x0002/0x0002 0x0040000
b4fc.b540: 0000000000194000-0000000000187fff 0x0001/0x0000 0x0000000
b4fc.b540: *00000000001a0000-00000000000a3fff 0x0000/0x0004 0x0020000
b4fc.b540: 000000000029c000-0000000000298fff 0x0104/0x0004 0x0020000
b4fc.b540: 000000000029f000-000000000029dfff 0x0004/0x0004 0x0020000
b4fc.b540: *00000000002a0000-000000000029bfff 0x0002/0x0002 0x0040000
b4fc.b540: 00000000002a4000-0000000000297fff 0x0001/0x0000 0x0000000
b4fc.b540: *00000000002b0000-00000000002adfff 0x0004/0x0004 0x0020000
b4fc.b540: 00000000002b2000-ffffffff80583fff 0x0001/0x0000 0x0000000
b4fc.b540: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
b4fc.b540: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
b4fc.b540: 000000007fff0000-ffff800983b7ffff 0x0001/0x0000 0x0000000
b4fc.b540: *00007ff77c460000-00007ff77c42cfff 0x0002/0x0002 0x0040000
b4fc.b540: 00007ff77c493000-00007ff77c489fff 0x0001/0x0000 0x0000000
b4fc.b540: *00007ff77c49c000-00007ff77c499fff 0x0004/0x0004 0x0020000
b4fc.b540: *00007ff77c49e000-00007ff77c49cfff 0x0004/0x0004 0x0020000
b4fc.b540: 00007ff77c49f000-00007ff77bb1dfff 0x0001/0x0000 0x0000000
b4fc.b540: *00007ff77ce20000-00007ff77ce20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77ce21000-00007ff77cea6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cea7000-00007ff77cea7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cea8000-00007ff77cef1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cef2000-00007ff77cef2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cef3000-00007ff77cef3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cef4000-00007ff77cef5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cef6000-00007ff77cef6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cef7000-00007ff77cef7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cef8000-00007ff77cefbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cefc000-00007ff77cf45fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b4fc.b540: 00007ff77cf46000-00007ff5deddbfff 0x0001/0x0000 0x0000000
b4fc.b540: *00007ff91b0b0000-00007ff91b0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b0b1000-00007ff91b1acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b1ad000-00007ff91b1eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b1ef000-00007ff91b1f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b1f8000-00007ff91b205fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b206000-00007ff91b206fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b207000-00007ff91b209fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b20a000-00007ff91b270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b4fc.b540: 00007ff91b271000-00007ff236501fff 0x0001/0x0000 0x0000000
b4fc.b540: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
b4fc.b540: VirtualBox.exe: timestamp 0x559e485f (rc=VINF_SUCCESS)
b4fc.b540: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b4fc.b540: '\Device\HarddiskVolume9\Windows\System32\ntdll.dll' has no imports
b4fc.b540: supR3HardNtChildPurify: Done after 322 ms and 0 fixes (loop #0).
b50c.b544: Log file opened: 5.0.0r101573 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
b50c.b544: supR3HardenedVmProcessInit: uNtDllAddr=00007ff91b0b0000
b4fc.b540: supR3HardNtEnableThreadCreation:
b50c.b544: ntdll.dll: timestamp 0x55a864a2 (rc=VINF_SUCCESS)
b50c.b544: New simple heap: #1 00000000003c0000 LB 0x400000 (for 1839104 allocation)
b50c.b544: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b50c.b544: System32: \Device\HarddiskVolume9\Windows\System32
b50c.b544: WinSxS: \Device\HarddiskVolume9\Windows\WinSxS
b50c.b544: KnownDllPath: C:\Windows\system32
b50c.b544: supR3HardenedVmProcessInit: Opening vboxdrv stub...
b50c.b544: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
b50c.b544: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
b50c.b544: Registered Dll notification callback with NTDLL.
b50c.b544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\kernel32.dll)
b50c.b544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b50c.b544: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
b50c.b544: supR3HardenedDllNotificationCallback: load 00007ff918490000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
b50c.b544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\KernelBase.dll)
b50c.b544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\KernelBase.dll
b50c.b544: supR3HardenedDllNotificationCallback: load 00007ff91af20000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
b50c.b544: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
b50c.b544: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\KERNEL32.DLL'
b50c.b544: supR3HardenedDllNotificationCallback: load 00007ff77ce20000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
b50c.b544: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b50c.b544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe)
b50c.b544: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff91b11fb70 pvNtTerminateThread=00007ff91b143a20
b4fc.b540: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 129 ms.
b50c.b544: \SystemRoot\System32\ntdll.dll:
b50c.b544: CreationTime: 2015-07-31T16:13:55.284543100Z
b50c.b544: LastWriteTime: 2015-07-17T04:17:52.864363800Z
b50c.b544: ChangeTime: 2015-07-31T16:44:38.894921100Z
b50c.b544: FileAttributes: 0x20
b50c.b544: Size: 0x1bce48
b50c.b544: NT Headers: 0xd8
b50c.b544: Timestamp: 0x55a864a2
b50c.b544: Machine: 0x8664 - amd64
b50c.b544: Timestamp: 0x55a864a2
b50c.b544: Image Version: 10.0
b50c.b544: SizeOfImage: 0x1c1000 (1839104)
b50c.b544: Resource Dir: 0x15a000 LB 0x65720
b50c.b544: ProductName: Microsoft® Windows® Operating System
b50c.b544: ProductVersion: 10.0.10240.16392
b50c.b544: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
b50c.b544: FileDescription: NT Layer DLL
b50c.b544: \SystemRoot\System32\kernel32.dll:
b50c.b544: CreationTime: 2015-07-10T10:59:59.699781600Z
b50c.b544: LastWriteTime: 2015-07-10T10:59:59.699781600Z
b50c.b544: ChangeTime: 2015-08-01T06:57:07.780407200Z
b50c.b544: FileAttributes: 0x20
b50c.b544: Size: 0xab830
b50c.b544: NT Headers: 0xf0
b50c.b544: Timestamp: 0x559f38ad
b50c.b544: Machine: 0x8664 - amd64
b50c.b544: Timestamp: 0x559f38ad
b50c.b544: Image Version: 10.0
b50c.b544: SizeOfImage: 0xad000 (708608)
b50c.b544: Resource Dir: 0xab000 LB 0x518
b50c.b544: ProductName: Microsoft® Windows® Operating System
b50c.b544: ProductVersion: 10.0.10240.16384
b50c.b544: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b50c.b544: FileDescription: Windows NT BASE API Client DLL
b50c.b544: \SystemRoot\System32\KernelBase.dll:
b50c.b544: CreationTime: 2015-07-10T11:00:10.325689700Z
b50c.b544: LastWriteTime: 2015-07-10T11:00:10.325689700Z
b50c.b544: ChangeTime: 2015-08-01T06:57:09.217910300Z
b50c.b544: FileAttributes: 0x20
b50c.b544: Size: 0x1dc680
b50c.b544: NT Headers: 0x100
b50c.b544: Timestamp: 0x559f38c3
b50c.b544: Machine: 0x8664 - amd64
b50c.b544: Timestamp: 0x559f38c3
b50c.b544: Image Version: 10.0
b50c.b544: SizeOfImage: 0x1dd000 (1953792)
b50c.b544: Resource Dir: 0x1c7000 LB 0x530
b50c.b544: ProductName: Microsoft® Windows® Operating System
b50c.b544: ProductVersion: 10.0.10240.16384
b50c.b544: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b50c.b544: FileDescription: Windows NT BASE API Client DLL
b50c.b544: \SystemRoot\System32\apisetschema.dll:
b50c.b544: CreationTime: 2015-07-10T11:00:04.872098600Z
b50c.b544: LastWriteTime: 2015-07-10T11:00:04.872098600Z
b50c.b544: ChangeTime: 2015-07-31T15:49:15.444515700Z
b50c.b544: FileAttributes: 0x20
b50c.b544: Size: 0x16760
b50c.b544: NT Headers: 0xc8
b50c.b544: Timestamp: 0x559f3e3d
b50c.b544: Machine: 0x8664 - amd64
b50c.b544: Timestamp: 0x559f3e3d
b50c.b544: Image Version: 10.0
b50c.b544: SizeOfImage: 0x17000 (94208)
b50c.b544: Resource Dir: 0x16000 LB 0x3f0
b50c.b544: ProductName: Microsoft® Windows® Operating System
b50c.b544: ProductVersion: 10.0.10240.16384
b50c.b544: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b50c.b544: FileDescription: ApiSet Schema DLL
b50c.b544: supR3HardenedWinFindAdversaries: 0x0
b50c.b544: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b50c.b544: Calling main()
b50c.b544: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
b50c.b544: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b50c.b544: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b50c.b544: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe)
b50c.b544: SUPR3HardenedMain: Respawn #2
b50c.b544: supR3HardNtEnableThreadCreation:
b50c.b544: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff91b11fb70 pvNtTerminateThread=00007ff91b143a20
b50c.b544: supR3HardenedWinDoReSpawn(2): New child b538.b5a0 [kernel32].
b50c.b544: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
b50c.b544: supR3HardNtChildGatherData: PebBaseAddress=00007ff77bf38000 cbPeb=0x388
b50c.b544: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff91b0b0000 uNtDllChildAddr=00007ff91b0b0000
b50c.b544: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff91b11fb70
b50c.b544: supR3HardenedWinSetupChildInit: Start child.
b50c.b544: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
b50c.b544: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 26 sleeps
b50c.b544: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
b50c.b544: *0000000000000000-ffffffffff19ffff 0x0001/0x0000 0x0000000
b50c.b544: *0000000000e60000-0000000000e3ffff 0x0004/0x0004 0x0020000
b50c.b544: *0000000000e80000-0000000000e6bfff 0x0002/0x0002 0x0040000
b50c.b544: 0000000000e94000-0000000000e87fff 0x0001/0x0000 0x0000000
b50c.b544: *0000000000ea0000-0000000000da3fff 0x0000/0x0004 0x0020000
b50c.b544: 0000000000f9c000-0000000000f98fff 0x0104/0x0004 0x0020000
b50c.b544: 0000000000f9f000-0000000000f9dfff 0x0004/0x0004 0x0020000
b50c.b544: *0000000000fa0000-0000000000f9bfff 0x0002/0x0002 0x0040000
b50c.b544: 0000000000fa4000-0000000000f97fff 0x0001/0x0000 0x0000000
b50c.b544: *0000000000fb0000-0000000000fadfff 0x0004/0x0004 0x0020000
b50c.b544: 0000000000fb2000-ffffffff81f83fff 0x0001/0x0000 0x0000000
b50c.b544: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
b50c.b544: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
b50c.b544: 000000007fff0000-ffff8009840dffff 0x0001/0x0000 0x0000000
b50c.b544: *00007ff77bf00000-00007ff77beccfff 0x0002/0x0002 0x0040000
b50c.b544: 00007ff77bf33000-00007ff77bf2dfff 0x0001/0x0000 0x0000000
b50c.b544: *00007ff77bf38000-00007ff77bf36fff 0x0004/0x0004 0x0020000
b50c.b544: 00007ff77bf39000-00007ff77bf33fff 0x0001/0x0000 0x0000000
b50c.b544: *00007ff77bf3e000-00007ff77bf3bfff 0x0004/0x0004 0x0020000
b50c.b544: 00007ff77bf40000-00007ff77b05ffff 0x0001/0x0000 0x0000000
b50c.b544: *00007ff77ce20000-00007ff77ce20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77ce21000-00007ff77cea6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cea7000-00007ff77cea7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cea8000-00007ff77cef1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cef2000-00007ff77cef2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cef3000-00007ff77cef3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cef4000-00007ff77cef5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cef6000-00007ff77cef6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cef7000-00007ff77cef7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cef8000-00007ff77cefbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cefc000-00007ff77cf45fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b50c.b544: 00007ff77cf46000-00007ff5deddbfff 0x0001/0x0000 0x0000000
b50c.b544: *00007ff91b0b0000-00007ff91b0b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b0b1000-00007ff91b1acfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b1ad000-00007ff91b1eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b1ef000-00007ff91b1f7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b1f8000-00007ff91b205fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b206000-00007ff91b206fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b207000-00007ff91b209fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b20a000-00007ff91b270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume9\Windows\System32\ntdll.dll
b50c.b544: 00007ff91b271000-00007ff236501fff 0x0001/0x0000 0x0000000
b50c.b544: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
b50c.b544: VirtualBox.exe: timestamp 0x559e485f (rc=VINF_SUCCESS)
b50c.b544: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b50c.b544: '\Device\HarddiskVolume9\Windows\System32\ntdll.dll' has no imports
b50c.b544: supR3HardNtChildPurify: Done after 305 ms and 0 fixes (loop #0).
b538.b5a0: Log file opened: 5.0.0r101573 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0280000
b538.b5a0: supR3HardenedVmProcessInit: uNtDllAddr=00007ff91b0b0000
b538.b5a0: ntdll.dll: timestamp 0x55a864a2 (rc=VINF_SUCCESS)
b538.b5a0: New simple heap: #1 00000000010c0000 LB 0x400000 (for 1839104 allocation)
b50c.b544: supR3HardenedEarlyCompact: Removed heap 1 (0x000000003c0000 LB 0x400000)
b50c.b544: supR3HardNtEnableThreadCreation:
b538.b5a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b538.b5a0: System32: \Device\HarddiskVolume9\Windows\System32
b538.b5a0: WinSxS: \Device\HarddiskVolume9\Windows\WinSxS
b538.b5a0: KnownDllPath: C:\Windows\system32
b538.b5a0: supR3HardenedVmProcessInit: Opening vboxdrv...
b538.b5a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
b538.b5a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
b538.b5a0: Registered Dll notification callback with NTDLL.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\kernel32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918490000 LB 0x001dd000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\KernelBase.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\KernelBase.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff91af20000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\KERNEL32.DLL'
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff77ce20000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
b538.b5a0: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe
b538.b5a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff91b11fb70 pvNtTerminateThread=00007ff91b143a20
b50c.b544: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 134 ms.
b538.b5a0: \SystemRoot\System32\ntdll.dll:
b538.b5a0: CreationTime: 2015-07-31T16:13:55.284543100Z
b538.b5a0: LastWriteTime: 2015-07-17T04:17:52.864363800Z
b538.b5a0: ChangeTime: 2015-07-31T16:44:38.894921100Z
b538.b5a0: FileAttributes: 0x20
b538.b5a0: Size: 0x1bce48
b538.b5a0: NT Headers: 0xd8
b538.b5a0: Timestamp: 0x55a864a2
b538.b5a0: Machine: 0x8664 - amd64
b538.b5a0: Timestamp: 0x55a864a2
b538.b5a0: Image Version: 10.0
b538.b5a0: SizeOfImage: 0x1c1000 (1839104)
b538.b5a0: Resource Dir: 0x15a000 LB 0x65720
b538.b5a0: ProductName: Microsoft® Windows® Operating System
b538.b5a0: ProductVersion: 10.0.10240.16392
b538.b5a0: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
b538.b5a0: FileDescription: NT Layer DLL
b538.b5a0: \SystemRoot\System32\kernel32.dll:
b538.b5a0: CreationTime: 2015-07-10T10:59:59.699781600Z
b538.b5a0: LastWriteTime: 2015-07-10T10:59:59.699781600Z
b538.b5a0: ChangeTime: 2015-08-01T06:57:07.780407200Z
b538.b5a0: FileAttributes: 0x20
b538.b5a0: Size: 0xab830
b538.b5a0: NT Headers: 0xf0
b538.b5a0: Timestamp: 0x559f38ad
b538.b5a0: Machine: 0x8664 - amd64
b538.b5a0: Timestamp: 0x559f38ad
b538.b5a0: Image Version: 10.0
b538.b5a0: SizeOfImage: 0xad000 (708608)
b538.b5a0: Resource Dir: 0xab000 LB 0x518
b538.b5a0: ProductName: Microsoft® Windows® Operating System
b538.b5a0: ProductVersion: 10.0.10240.16384
b538.b5a0: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b538.b5a0: FileDescription: Windows NT BASE API Client DLL
b538.b5a0: \SystemRoot\System32\KernelBase.dll:
b538.b5a0: CreationTime: 2015-07-10T11:00:10.325689700Z
b538.b5a0: LastWriteTime: 2015-07-10T11:00:10.325689700Z
b538.b5a0: ChangeTime: 2015-08-01T06:57:09.217910300Z
b538.b5a0: FileAttributes: 0x20
b538.b5a0: Size: 0x1dc680
b538.b5a0: NT Headers: 0x100
b538.b5a0: Timestamp: 0x559f38c3
b538.b5a0: Machine: 0x8664 - amd64
b538.b5a0: Timestamp: 0x559f38c3
b538.b5a0: Image Version: 10.0
b538.b5a0: SizeOfImage: 0x1dd000 (1953792)
b538.b5a0: Resource Dir: 0x1c7000 LB 0x530
b538.b5a0: ProductName: Microsoft® Windows® Operating System
b538.b5a0: ProductVersion: 10.0.10240.16384
b538.b5a0: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b538.b5a0: FileDescription: Windows NT BASE API Client DLL
b538.b5a0: \SystemRoot\System32\apisetschema.dll:
b538.b5a0: CreationTime: 2015-07-10T11:00:04.872098600Z
b538.b5a0: LastWriteTime: 2015-07-10T11:00:04.872098600Z
b538.b5a0: ChangeTime: 2015-07-31T15:49:15.444515700Z
b538.b5a0: FileAttributes: 0x20
b538.b5a0: Size: 0x16760
b538.b5a0: NT Headers: 0xc8
b538.b5a0: Timestamp: 0x559f3e3d
b538.b5a0: Machine: 0x8664 - amd64
b538.b5a0: Timestamp: 0x559f3e3d
b538.b5a0: Image Version: 10.0
b538.b5a0: SizeOfImage: 0x17000 (94208)
b538.b5a0: Resource Dir: 0x16000 LB 0x3f0
b538.b5a0: ProductName: Microsoft® Windows® Operating System
b538.b5a0: ProductVersion: 10.0.10240.16384
b538.b5a0: FileVersion: 10.0.10240.16384 (th1.150709-1700)
b538.b5a0: FileDescription: ApiSet Schema DLL
b538.b5a0: supR3HardenedWinFindAdversaries: 0x0
b538.b5a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b538.b5a0: Calling main()
b538.b5a0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
b538.b5a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox'
b538.b5a0: '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe)
b538.b5a0: SUPR3HardenedMain: Final process, opening VBoxDrv...
b538.b5a0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000010c0000 LB 0x400000)
b538.b5a0: supR3HardNtEnableThreadCreation:
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90ed00000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ed00000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ed00000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ed00000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\wintrust.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\wintrust.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume9\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\crypt32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\crypt32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume9\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\msasn1.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\msasn1.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\msvcrt.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\msvcrt.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume9\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff919120000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917b60000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9181b0000 LB 0x001c1000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918ff0000 LB 0x00126000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918670000 LB 0x00054000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\system32\Wintrust.dll'
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\bcrypt.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\bcrypt.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917a10000 LB 0x00028000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917a10000 'C:\Windows\system32\bcrypt.dll'
b538.b5a0: bcrypt.dll loaded at 00007ff917a10000, BCryptOpenAlgorithmProvider at 00007ff917a14a00, preloading providers:
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917900000 LB 0x0006b000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917900000 'C:\Windows\system32\bcryptprimitives.dll'
b538.b5a0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000015ace60)
b538.b5a0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000015ad520)
b538.b5a0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000015ad7f0)
b538.b5a0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000015adb50)
b538.b5a0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000015ae670)
b538.b5a0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000015ae980)
b538.b5a0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000015aec90)
b538.b5a0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000015aef60)
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\cryptsp.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\cryptsp.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917350000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\rsaenh.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\rsaenh.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume9\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume9\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff916fa0000 LB 0x00033000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\cryptbase.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\cryptbase.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9174c0000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\kernel32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\CRYPT32.dll'
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff91b090000 LB 0x0001c000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\imagehlp.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\imagehlp.dll
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918dc0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\sechost.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\sechost.dll
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\gpapi.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\gpapi.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff916a00000 LB 0x00023000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917b40000 LB 0x00013000 C:\Windows\system32\profapi.dll [fFlags=0x0]
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\profapi.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\profapi.dll
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'wldap32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\cryptnet.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\cryptnet.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume9\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\Wldap32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\Wldap32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume9\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff91ad60000 LB 0x0005b000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9161a0000 LB 0x0002f000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\system32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9161a0000 'C:\Windows\System32\cryptnet.dll'
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918990000 LB 0x000a6000 C:\Windows\system32\advapi32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\advapi32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume9\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\sechost.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5734F979EEA27A0958314B80A86A923CC0D89398
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918ff0000 'C:\Windows\system32\rpcrt4.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\System32\WINTRUST.DLL'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_349_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
b538.b5a0: g_pfnWinVerifyTrust=00007ff918678890
b538.b5a0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\wintrust.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\advapi32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume9\Windows\System32\Wldap32.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E30C00BB3189B639214835B4F4C320DEC5BFA77
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\Wldap32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\Wldap32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume9\Windows\System32\cryptnet.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5997BB270A09A76A71A9EE8A7ADB154F3D75EEF3
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\cryptnet.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\cryptnet.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\profapi.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\gpapi.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\sechost.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\imagehlp.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\cryptbase.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\cryptsp.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\bcryptprimitives.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\bcrypt.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\msasn1.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.exe'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\KernelBase.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\kernel32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x70991926dd42e500 CN=DESKTOP-HIAT2AJ
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
b538.b5a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
b538.b5a0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=30
b538.b5a0: SUPR3HardenedMain: Load Runtime...
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\ws2_32.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume9\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\nsi.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\nsi.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\nsi.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 000000005e650000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 000000005e730000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918940000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918780000 LB 0x00069000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff8e9630000 LB 0x00543000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\nsi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\nsi.dll' [rescheduled]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxRT.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9630000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918670000 'C:\Windows\system32\Wintrust.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: SUPR3HardenedMain: Load TrustedMain...
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume9\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\winmm.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume9\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume9\Windows\System32\comdlg32.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857477BEC0F0F69A9C4898B3680E207E94733C3F
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\user32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\user32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume9\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\winmmbase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'devobj.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\winmmbase.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\winmmbase.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume9\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\devobj.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\devobj.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\devobj.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\gdi32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\gdi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_207_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume9\Windows\System32\comdlg32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'shlwapi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'comctl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'shell32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\comdlg32.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\comdlg32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume9\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume9\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\shell32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'gdi32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\shell32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume9\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\comctl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\comctl32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\comctl32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\shlwapi.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\shlwapi.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\oleaut32.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\combase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\combase.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\combase.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'combase.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\ole32.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume9\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\shell32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\gdi32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\user32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume9\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\opengl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\opengl32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\opengl32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume9\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\ddraw.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'dciman32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\ddraw.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\ddraw.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume9\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\glu32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\glu32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\glu32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume9\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume9\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\winspool.drv'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'bcrypt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\winspool.drv)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\winspool.drv
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume9\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume9\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\imm32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'msctf.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\imm32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\imm32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume9\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume9\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\comdlg32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume9\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\msctf.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'imm32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\msctf.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\msctf.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume9\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume9\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume9\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\dciman32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\dciman32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dciman32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume9\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\imm32.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume9\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume9\Windows\System32\opengl32.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F0CC8DA0E67C8C01864C0783FA867C4BDCE0AAA
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\opengl32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\opengl32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\opengl32.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9187f0000 LB 0x0014e000 C:\Windows\system32\USER32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9195f0000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90ec90000 LB 0x00008000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff8ea470000 LB 0x000f6000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff8ed940000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff8eebe0000 LB 0x00128000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\opengl32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9191c0000 LB 0x0027c000 C:\Windows\system32\combase.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9194a0000 LB 0x00141000 C:\Windows\system32\ole32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 000000005ced0000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918380000 LB 0x000b3000 C:\Windows\system32\shcore.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'combase.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\SHCore.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\SHCore.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918a50000 LB 0x00051000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9139c0000 LB 0x000aa000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\COMCTL32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917b30000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\kernel.appcore.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\kernel.appcore.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917ae0000 LB 0x0004a000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\powrprof.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\powrprof.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917b80000 LB 0x00629000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #58 'combase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #64 'profapi.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\windows.storage.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\windows.storage.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff919780000 LB 0x01522000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff91ae30000 LB 0x000d7000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\comdlg32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff91afd0000 LB 0x000be000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918ab0000 LB 0x0015c000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918950000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff918440000 LB 0x00044000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff916390000 LB 0x00027000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff913c20000 LB 0x0002c000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff913d20000 LB 0x00023000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9138c0000 LB 0x00084000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 000000005c560000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 000000005e540000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 000000005c480000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff8e85a0000 LB 0x00ab0000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VirtualBox.dll
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\windows.storage.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\windows.storage.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\powrprof.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\powrprof.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\kernel.appcore.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\kernel.appcore.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\SHCore.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\SHCore.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\dciman32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\dciman32.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\msctf.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\msctf.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\imm32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\imm32.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\winspool.drv'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\winspool.drv' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\glu32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\glu32.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\ddraw.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\ddraw.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\combase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\comctl32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\comctl32.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\devobj.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\devobj.dll' [rescheduled]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\winmmbase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\winmmbase.dll' [rescheduled]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\imm32.dll [redoing WinVerifyTrust]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\imm32.dll'.
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume9\Windows\System32\imm32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\profapi.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll [redoing WinVerifyTrust]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\combase.dll'.
b538.b5a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume9\Windows\System32\combase.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll [redoing WinVerifyTrust]
b538.b5a0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\combase.dll'.
b538.b5a0: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume9\Windows\System32\combase.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918950000 'C:\Windows\system32\imm32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e85a0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
b538.b5a0: SUPR3HardenedMain: Calling TrustedMain (00007ff8e85a1770)...
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff913d20000 'C:\Windows\system32\winmm.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000650 pwszName=\Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3717D376EF95470D8C03AD02F97C4DCBCE269CF8
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_205_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume9\Windows\System32\uxtheme.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\uxtheme.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9163c0000 LB 0x00096000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9163c0000 'C:\Windows\system32\uxtheme.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'gdi32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\dwmapi.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dwmapi.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff915a20000 LB 0x00022000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000670 pwszName=\Device\HarddiskVolume9\Windows\System32\dwmapi.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71451274041047D99462EA805D3FAD1A9E10F86D
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\gdi32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_42_for_KB3074683~31bf3856ad364e35~amd64~~10.0.1.0.cat'; file='\Device\HarddiskVolume9\Windows\System32\dwmapi.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\dwmapi.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\kernel32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9163c0000 'C:\Windows\system32\uxtheme.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9163c0000 'C:\Windows\system32\uxtheme.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9187f0000 'C:\Windows\system32\user32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9163c0000 'C:\Windows\system32\uxtheme.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9187f0000 'C:\Windows\system32\user32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918990000 'C:\Windows\system32\advapi32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\userenv.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\userenv.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\profapi.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\userenv.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9170d0000 LB 0x0001f000 C:\Windows\system32\userenv.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\userenv.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9170d0000 'C:\Windows\system32\userenv.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\kernel32.dll'
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff91acb0000 LB 0x000a5000 C:\Windows\system32\clbcatq.dll [fFlags=0x0]
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\clbcatq.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\clbcatq.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\clbcatq.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
b538.b078: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
b538.b078: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxC.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume9\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume9\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b078: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b078: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\version.dll)WinVerifyTrust
b538.b078: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\version.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\advapi32.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b078: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\psapi.dll)WinVerifyTrust
b538.b078: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\psapi.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b078: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b078: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll
b538.b078: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b078: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxC.dll
b538.b078: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\version.dll
b538.b078: supR3HardenedDllNotificationCallback: load 00007ff91af10000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
b538.b078: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\psapi.dll
b538.b078: supR3HardenedDllNotificationCallback: load 00007ff9153e0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [fFlags=0x0]
b538.b078: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\version.dll
b538.b078: supR3HardenedDllNotificationCallback: load 00007ff8e9050000 LB 0x005d5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
b538.b078: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxC.dll
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9050000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
b538.b078: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b078: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b078: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91afd0000 'C:\Windows\System32\oleaut32.dll'
b538.b078: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\sxs.dll)
b538.b078: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\sxs.dll
b538.b078: supR3HardenedDllNotificationCallback: load 00007ff917970000 LB 0x00098000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
b538.b078: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\sxs.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91afd0000 'C:\Windows\system32\OLEAUT32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9195f0000 'C:\Windows\system32\gdi32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9187f0000 'C:\Windows\system32\user32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a18 pwszName=\Device\HarddiskVolume9\Windows\System32\DataExchange.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=030BB80F5AC7982FF01AB351589D64E6D4167B3E
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-AppRuntime-shell-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\DataExchange.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shcore.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'combase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'd2d1.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'd3d11.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'dcomp.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\DataExchange.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\DataExchange.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dcomp.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dcomp.dll' -> '\Device\HarddiskVolume9\Windows\System32\dcomp.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\dcomp.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dcomp.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd3d11.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd3d11.dll' -> '\Device\HarddiskVolume9\Windows\System32\d3d11.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msvcrt.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'dxgi.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\d3d11.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\d3d11.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'd2d1.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'd2d1.dll' -> '\Device\HarddiskVolume9\Windows\System32\d2d1.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b64 pwszName=\Device\HarddiskVolume9\Windows\System32\d2d1.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA1A7323788F698339FF353F1BA100EF7C556D74
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dxgi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dxgi.dll' -> '\Device\HarddiskVolume9\Windows\System32\dxgi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\dxgi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\dxgi.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dxgi.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-Graphics-DirectX-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\d2d1.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\d2d1.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\d2d1.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\combase.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shcore.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shcore.dll' -> '\Device\HarddiskVolume9\Windows\System32\shcore.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\SHCore.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\SHCore.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dataexchange.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\DataExchange.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\d2d1.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\d3d11.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dcomp.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90fad0000 LB 0x00545000 C:\Windows\system32\d2d1.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\d2d1.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff915630000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dxgi.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff915710000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\d3d11.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff915d70000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dcomp.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff906040000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\DataExchange.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff906040000 'C:\Windows\system32\dataexchange.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\dxgi.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'userenv.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'bcrypt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #39 'combase.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\twinapi.appcore.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\twinapi.appcore.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff916480000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\twinapi.appcore.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rpcrt4.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume9\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume9\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\userenv.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\twinapi.appcore.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9194a0000 'C:\Windows\system32\ole32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91afd0000 'C:\Windows\system32\OLEAUT32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume9\Windows\System32\wbem\wbemprox.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA7BAB6C49E4A06208A6E0EE146D0A4385100231
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\rsaenh.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\wbem\wbemprox.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\wbem\wbemprox.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume9\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba4 pwszName=\Device\HarddiskVolume9\Windows\System32\wbemcomn.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8589CB867869E61D2D0DD902D9F24828D41B3FB4
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\wbemcomn.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'bcrypt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'ws2_32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\wbemcomn.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\wbemcomn.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume9\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\bcrypt.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbem\wbemprox.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbemcomn.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90ef30000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbemcomn.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90d0d0000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbem\wbemprox.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918490000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90d0d0000 'C:\Windows\system32\wbem\wbemprox.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume9\Windows\System32\wbem\wbemsvc.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F55A40FEDA5AB0854F7A2A7AE88B827B3F76303B
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\wbem\wbemsvc.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\wbem\wbemsvc.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbem\wbemsvc.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90b7d0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbem\wbemsvc.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b7d0000 'C:\Windows\system32\wbem\wbemsvc.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918490000 'api-ms-win-core-localization-l1-2-0.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918490000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c30 pwszName=\Device\HarddiskVolume9\Windows\System32\wbem\fastprox.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E360AD530F1A62ACF9003C6FE3BA6BBD7638D488
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-WinMgmt-admin-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\wbem\fastprox.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\wbem\fastprox.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume9\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbemcomn.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbem\fastprox.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90b8e0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\wbem\fastprox.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90b8e0000 'C:\Windows\system32\wbem\fastprox.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff913d20000 'C:\Windows\SYSTEM32\WINMM.dll'
b538.a3f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.a3f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.a3f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
b538.a3f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.a3f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
b538.a3f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
b538.a3f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.a3f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
b538.a3f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
b538.a3f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
b538.a3f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
b538.a3f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxREM.dll
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
b538.a3f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.a3f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.a3f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.a3f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.a3f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxREM.dll
b538.a3f8: supR3HardenedDllNotificationCallback: load 000000005c370000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
b538.a3f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxREM.dll
b538.a3f8: supR3HardenedDllNotificationCallback: load 00007ff8e9e70000 LB 0x00291000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
b538.a3f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.a3f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9e70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ndis.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ntoskrnl.exe'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetAdp6.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetAdp6.sys
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetLwf.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetLwf.sys
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\VBoxUSBMon.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\VBoxUSBMon.sys
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\VBoxDrv.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\VBoxDrv.sys
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ext-ms-win-ntos-werkernel-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ext-ms-win-ntos-tm-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'pshed.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bootvid.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'kdcom.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ext-ms-win-ntos-kcminitcfg-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ext-ms-win-ntos-ksr-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ext-ms-win-ntos-ksecurity-l1-1-1.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ext-ms-win-ntos-ucode-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ext-ms-win-fs-clfs-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ext-ms-win-ntos-ium-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ci.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'msrpc.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ext-ms-win-ntos-clipsp-l1-1-0.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\drivers\netio.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msrpc.sys'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\netio.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\netio.sys
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wpprecorder.sys'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wpprecorder.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wpprecorder.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\wpprecorder.sys' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\drivers\WppRecorder.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\WppRecorder.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\WppRecorder.sys
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\netio.sys [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume9\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\hal.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\hal.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\hal.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\drivers\msrpc.sys'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\drivers\msrpc.sys)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\drivers\msrpc.sys
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-clipsp-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-clipsp-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'msrpc.sys'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume9\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\ci.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ext-ms-win-ci-xbox-l1-1-0.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\ci.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\ci.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-ium-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-ium-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-fs-clfs-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-fs-clfs-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-ucode-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-ucode-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-ksecurity-l1-1-1.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-ksecurity-l1-1-1.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-ksr-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-ksr-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-kcminitcfg-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-kcminitcfg-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume9\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\kdcom.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\kdcom.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\kdcom.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume9\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\BOOTVID.DLL'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\BOOTVID.DLL)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\BOOTVID.DLL
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume9\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\PSHED.DLL'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\PSHED.DLL)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\PSHED.DLL
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume9\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\hal.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-tm-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-tm-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-werkernel-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-werkernel-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume9\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\hal.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume9\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\hal.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ci-xbox-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ci-xbox-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume9\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\hal.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume9\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\PSHED.DLL [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume9\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kdcom.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\VBoxDrv.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\VBoxUSBMon.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetLwf.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\VBoxNetAdp6.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\PSHED.DLL'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\BOOTVID.DLL'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\kdcom.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\ci.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\msrpc.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\hal.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\crypt32.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\WppRecorder.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\ndis.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\drivers\netio.sys'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\ntoskrnl.exe'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dd8 pwszName=\Device\HarddiskVolume9\Windows\System32\NetSetupShim.dll
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=86054D6AB0E572DB561C276891C0A6F6B769C6BA
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-net~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\NetSetupShim.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'ws2_32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'netsetupapi.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'setupapi.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\NetSetupShim.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\NetSetupShim.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\setupapi.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\setupapi.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netsetupapi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netsetupapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\netsetupapi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\NetSetupApi.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\NetSetupApi.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\NetSetupShim.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\NetSetupShim.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\NetSetupApi.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff90da60000 LB 0x0001d000 C:\Windows\System32\NetSetupApi.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\NetSetupApi.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff918e20000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\setupapi.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff8eed10000 LB 0x00064000 C:\Windows\System32\NetSetupShim.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\NetSetupShim.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8eed10000 'C:\Windows\System32\NetSetupShim.dll'
b538.b508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
b538.b508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.b508: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
b538.b508: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
b538.b508: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
b538.b508: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b508: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b508: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b508: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
b538.b508: supR3HardenedDllNotificationCallback: load 00007ff90ec80000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
b538.b508: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
b538.b508: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90ec80000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
b538.9758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.9758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.9758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
b538.9758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.9758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
b538.9758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
b538.9758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.9758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.9758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.9758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.9758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.9758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.9758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.9758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.9758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
b538.9758: supR3HardenedDllNotificationCallback: load 00007ff9093f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
b538.9758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
b538.9758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9093f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
b538.a9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.a9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.a9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
b538.a9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.a9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
b538.a9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
b538.a9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.a9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.a9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.a9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.a9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll
b538.a9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.a9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.a9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.a9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
b538.a9c8: supR3HardenedDllNotificationCallback: load 00007ff9062f0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
b538.a9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
b538.a9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9062f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
b538.a44c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.a44c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.a44c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
b538.a44c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.a44c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
b538.a44c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
b538.a44c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.a44c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.a44c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
b538.a44c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
b538.a44c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.a44c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.a44c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.a44c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
b538.a44c: supR3HardenedDllNotificationCallback: load 00007ff9062e0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
b538.a44c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
b538.a44c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9062e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32/Shell32.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'dsound.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxddu.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'vboxdd2.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ws2_32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'ole32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'iphlpapi.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\IPHLPAPI.DLL
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ws2_32.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\setupapi.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume9\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\winnsi.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\winnsi.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\winnsi.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume9\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\nsi.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume9\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\nsi.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD2.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDDU.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dsound.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dsound.dll' -> '\Device\HarddiskVolume9\Windows\System32\dsound.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f78 pwszName=\Device\HarddiskVolume9\Windows\System32\dsound.dll
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7FF2119E435E404AD007FD65DA8D286C1635ACA6
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume9\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
b538.b0f0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\newdev.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'uxtheme.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'cfgmgr32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'setupapi.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\newdev.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\newdev.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\setupapi.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\setupapi.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume9\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\uxtheme.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore-noindeo-Group-avcore-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\dsound.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'advapi32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'winmm.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\dsound.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dsound.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume9\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dsound.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDDU.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD2.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\IPHLPAPI.DLL
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\newdev.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\devrtl.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\devrtl.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff8fcaa0000 LB 0x0009c000 C:\Windows\SYSTEM32\DSOUND.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dsound.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff911240000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff8ecf60000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\newdev.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff8eed80000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDDU.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff8ed900000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD2.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff914500000 LB 0x0000b000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff915460000 LB 0x00038000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\IPHLPAPI.DLL
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff8e7cc0000 LB 0x008d8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD.dll
b538.b0f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\devrtl.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\devrtl.dll' [rescheduled]
b538.b0f0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\System32\newdev.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\newdev.dll' [rescheduled]
b538.b0f0: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume9\Windows\System32\winnsi.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\System32\winnsi.dll' [rescheduled]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\dsound.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\SYSTEM32\DSOUND.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fcaa0000 'C:\Windows\SYSTEM32\DSOUND.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e7cc0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxC.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8e9050000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxDD2.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ed900000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.ac68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.ac68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
b538.ac68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
b538.ac68: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
b538.ac68: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
b538.ac68: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
b538.ac68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
b538.ac68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
b538.ac68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
b538.ac68: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
b538.ac68: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxVMM.dll
b538.ac68: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
b538.ac68: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
b538.ac68: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.ac68: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
b538.ac68: supR3HardenedDllNotificationCallback: load 00007ff9061d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
b538.ac68: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
b538.ac68: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9061d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\IPHLPAPI.DLL
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff915460000 'C:\Windows\system32/Iphlpapi.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\dhcpcsvc6.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dhcpcsvc6.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff9145b0000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\dhcpcsvc.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\dhcpcsvc.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff914590000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa4 pwszName=\Device\HarddiskVolume9\Windows\System32\dhcpcsvc.dll
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC5F23FF9BE9DCF8E5234FF8C5B6EBE9459DC35E
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume9\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\nsi.dll [lacks WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\dhcpcsvc.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\dhcpcsvc.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f7c pwszName=\Device\HarddiskVolume9\Windows\System32\dhcpcsvc6.dll
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7F2C6FCDABC75F6CF26C6E8145FC3426AD15DAAC
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-minio-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\dhcpcsvc6.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\dhcpcsvc6.dll'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32/kernel32.dll'
b538.b0f0: \Device\HarddiskVolume9\Windows\System32\PrxerDrv.dll: Owner is administrators group.
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\PrxerDrv.dll)WinVerifyTrust
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\PrxerDrv.dll
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PrxerDrv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\PrxerDrv.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff9168c0000 LB 0x00016000 C:\Windows\system32\PrxerDrv.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\PrxerDrv.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9168c0000 'C:\Windows\system32\PrxerDrv.dll'
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\mswsock.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\mswsock.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b0f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ws2_32.dll'.
b538.b0f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\wshqos.dll)
b538.b0f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\wshqos.dll
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\wshqos.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\wshqos.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\wshqos.dll [avoiding WinVerifyTrust]
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume9\Windows\System32\wshqos.dll
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBA63D2E605C613FD6AB1B27E94ECE638C2B3803
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b0f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Network-QoS-Core-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\wshqos.dll'
b538.b0f0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\wshqos.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b0f0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\mswsock.dll'
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b0f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll
b538.b0f0: supR3HardenedDllNotificationCallback: load 00007ff9172f0000 LB 0x0005d000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
b538.b0f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\mswsock.dll
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9172f0000 'C:\Windows\system32\mswsock.dll'
b538.b0f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9172f0000 'C:\Windows\system32\mswsock.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msctf.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\msctf.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918ab0000 'C:\Windows\system32\MSCTF.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9194a0000 'C:\Windows\system32\ole32.dll'
b538.b5a0: \Device\HarddiskVolume9\Windows\System32\baiducnTSF.dll: Owner is administrators group.
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'version.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\baiducnTSF.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\baiducnTSF.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume9\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\version.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume9\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\imm32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\imm32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shlwapi.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume9\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ole32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume9\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\baiducnTSF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\baiducnTSF.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff90a250000 LB 0x000a1000 C:\Windows\system32\baiducnTSF.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\baiducnTSF.dll
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\kernel32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff90a250000 'C:\Windows\system32\baiducnTSF.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll': 0 (NtPath=\??\C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll; Input=C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll; rcNtGetDll=0x0
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msctf.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918ab0000 'C:\Windows\system32\msctf.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msctf.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\msctf.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918ab0000 'C:\Windows\System32\msctf.dll'
b538.b5a0: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll: Owner is administrators group.
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleacc.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdiplus.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'imm32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'winmm.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msimg32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'version.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'imefreetypex64.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'imepngx64.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'imezlibx64.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imezlibx64.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imezlibx64.dll' -> '\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll' [rcNtRedir=0xc0150008]
b538.b5a0: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll: Owner is administrators group.
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imepngx64.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imepngx64.dll' -> '\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll' [rcNtRedir=0xc0150008]
b538.b5a0: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll: Owner is administrators group.
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'imezlibx64.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imefreetypex64.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imefreetypex64.dll' -> '\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imefreetypex64.dll' [rcNtRedir=0xc0150008]
b538.b5a0: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\IMEFREETYPEx64.dll: Owner is administrators group.
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imezlibx64.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imezlibx64.dll' -> '\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\IMEFREETYPEx64.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\IMEFREETYPEx64.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume9\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\version.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume9\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001224 pwszName=\Device\HarddiskVolume9\Windows\System32\msimg32.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A4CD94AB18AD559A6DFD73723FA49C90EDE59D65
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\msimg32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\msimg32.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\msimg32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume9\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\winmm.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume9\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\imm32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdiplus.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdiplus.dll' [rcNtRedir=0x0]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001218 pwszName=\Device\HarddiskVolume9\Windows\System32\GdiPlus.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=981AABC9636B31B305F33D6B2B0782E016B4A483
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\GdiPlus.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\GdiPlus.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\GdiPlus.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume9\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shlwapi.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleacc.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleacc.dll' -> '\Device\HarddiskVolume9\Windows\System32\oleacc.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000123c pwszName=\Device\HarddiskVolume9\Windows\System32\oleacc.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBAC4B5CEB1A5E84F1CCA9956760A35BA150F909
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\user32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\oleacc.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\oleacc.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\oleacc.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume9\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleaut32.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume9\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume9\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleacc.dll
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'user32.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'gdi32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msimg32.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\IMEFREETYPEx64.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff913950000 LB 0x00069000 C:\Windows\SYSTEM32\OLEACC.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\oleacc.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff913a70000 LB 0x001a9000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\gdiplus.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff913c50000 LB 0x00007000 C:\Windows\SYSTEM32\MSIMG32.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msimg32.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff909780000 LB 0x000ef000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imefreetypex64.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\IMEFREETYPEx64.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff909cb0000 LB 0x0003a000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff909720000 LB 0x00059000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff9048d0000 LB 0x002fe000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll
b538.b5a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll' [rescheduled]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume9\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9187f0000 'C:\Windows\system32\user32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\kernel32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91af20000 'C:\Windows\system32\kernel32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9048d0000 'C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll': 0 (NtPath=\??\C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll; Input=C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll; rcNtGetDll=0x0
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\bdxlogx64.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\sspicli.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\sspicli.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff917700000 LB 0x0002c000 C:\Windows\SYSTEM32\SspiCli.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\sspicli.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume9\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\sspicli.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\sspicli.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\sspicli.dll (Input=sspicli.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff917700000 'C:\Windows\system32\sspicli.dll'
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\ntmarta.dll)
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\ntmarta.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff916e20000 LB 0x00032000 C:\Windows\SYSTEM32\ntmarta.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\ntmarta.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001194 pwszName=\Device\HarddiskVolume9\Windows\System32\twinapi.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6AF68902379C657662A39D0010B5F9B5BF78FA
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-shell~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\twinapi.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
b538.b5a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'user32.dll'.
b538.b5a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume9\Windows\System32\twinapi.dll)WinVerifyTrust
b538.b5a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\twinapi.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume9\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume9\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\combase.dll
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
b538.b5a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume9\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\twinapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
b538.b5a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\twinapi.dll
b538.b5a0: supR3HardenedDllNotificationCallback: load 00007ff909420000 LB 0x000ba000 C:\Windows\System32\twinapi.dll [fFlags=0x0]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\twinapi.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff909420000 'C:\Windows\System32\twinapi.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9187f0000 'C:\Windows\system32\user32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000122c pwszName=\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5d0: '\Device\HarddiskVolume9\Windows\System32\tzres.dll' has no imports
b538.b5d0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume9\Windows\System32\tzres.dll)
b538.b5d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume9\Windows\System32\tzres.dll
b538.b5d0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume9\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=981AABC9636B31B305F33D6B2B0782E016B4A483
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package-AutoMerged-windows~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\GdiPlus.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\gdiplus.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff913a70000 'C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.10240.16384_none_89a94c179af51f83\gdiplus.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001310 pwszName=\Device\HarddiskVolume9\Windows\System32\tzres.dll
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000015e6590
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=70B49B85D2F7BA5E6F42836FF363155E8051A249
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-base-Package~31bf3856ad364e35~amd64~~10.0.10240.16384.cat'; file='\Device\HarddiskVolume9\Windows\System32\tzres.dll'
b538.b5a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
b538.b5a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\System32\tzres.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\msctf.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msctf.dll (Input=msctf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff918ab0000 'C:\Windows\system32\msctf.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll' [redir]
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll [redoing WinVerifyTrust]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff916fa0000 'C:\Windows\system32\rsaenh.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9181b0000 'C:\Windows\system32\crypt32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume9\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9139c0000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_0212ec7eba871e86\comctl32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff91afd0000 'C:\Windows\system32\OLEAUT32.DLL'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume9\Windows\System32\shell32.dll
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.b5a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff919780000 'C:\Windows\system32\shell32.dll'
b538.ac68: supR3HardenedDllNotificationCallback: Unload 00007ff9061d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
b538.a44c: supR3HardenedDllNotificationCallback: Unload 00007ff9062e0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
b538.a9c8: supR3HardenedDllNotificationCallback: Unload 00007ff9062f0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
b538.9758: supR3HardenedDllNotificationCallback: Unload 00007ff9093f0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
b538.b508: supR3HardenedDllNotificationCallback: Unload 00007ff90ec80000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
b538.b0f0: supR3HardenedDllNotificationCallback: Unload 00007ff9168c0000 LB 0x00016000 C:\Windows\system32\PrxerDrv.dll [flags=0x0]
b538.b0f0: supR3HardenedDllNotificationCallback: Unload 00007ff8e7cc0000 LB 0x008d8000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
b538.b0f0: supR3HardenedDllNotificationCallback: Unload 00007ff8eed80000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
b538.b0f0: supR3HardenedDllNotificationCallback: Unload 00007ff8ecf60000 LB 0x00058000 C:\Windows\SYSTEM32\newdev.dll [flags=0x0]
b538.b0f0: supR3HardenedDllNotificationCallback: Unload 00007ff911240000 LB 0x00013000 C:\Windows\SYSTEM32\devrtl.DLL [flags=0x0]
b538.b0f0: supR3HardenedDllNotificationCallback: Unload 00007ff8ed900000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff9048d0000 LB 0x002fe000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\UIPFullx64.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff913950000 LB 0x00069000 C:\Windows\SYSTEM32\OLEACC.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff913c50000 LB 0x00007000 C:\Windows\SYSTEM32\MSIMG32.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff909780000 LB 0x000ef000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imefreetypex64.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff909720000 LB 0x00059000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imepngx64.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff909cb0000 LB 0x0003a000 C:\Program Files (x86)\Baidu\BaiduPinyin\3.1.2.239\imezlibx64.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff909420000 LB 0x000ba000 C:\Windows\System32\twinapi.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90a250000 LB 0x000a1000 C:\Windows\system32\baiducnTSF.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90b7d0000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90d0d0000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff906040000 LB 0x00046000 C:\Windows\system32\dataexchange.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90fad0000 LB 0x00545000 C:\Windows\system32\d2d1.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff915710000 LB 0x002a3000 C:\Windows\system32\d3d11.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff915630000 LB 0x0009c000 C:\Windows\system32\dxgi.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff915d70000 LB 0x000d1000 C:\Windows\system32\dcomp.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff916480000 LB 0x000ee000 C:\Windows\system32\twinapi.appcore.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff8e9050000 LB 0x005d5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff91af10000 LB 0x00008000 C:\Windows\system32\PSAPI.DLL [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff9153e0000 LB 0x0000a000 C:\Windows\SYSTEM32\VERSION.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff8eed10000 LB 0x00064000 C:\Windows\System32\NetSetupShim.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90da60000 LB 0x0001d000 C:\Windows\System32\NetSetupApi.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff918e20000 LB 0x001c5000 C:\Windows\system32\SETUPAPI.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90b8e0000 LB 0x000f8000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
b538.b5a0: supR3HardenedDllNotificationCallback: Unload 00007ff90ef30000 LB 0x0007f000 C:\Windows\SYSTEM32\wbemcomn.dll [flags=0x0]
b538.b5a0: Terminating the normal way: rcExit=0
b50c.b544: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 47062 ms, the end);
b4fc.b540: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 47530 ms, the end);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment