VirtualBox

Ticket #16645: VBoxHardening.log

File VBoxHardening.log, 190.4 KB (added by David Popple, 7 years ago)
Line 
11174.9fc: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000078 g_uNtVerCombined=0xa0383900
21174.9fc: \SystemRoot\System32\ntdll.dll:
31174.9fc: CreationTime: 2016-12-11T13:52:06.135396300Z
41174.9fc: LastWriteTime: 2016-11-11T10:13:03.409595100Z
51174.9fc: ChangeTime: 2017-03-16T19:37:12.370136600Z
61174.9fc: FileAttributes: 0x20
71174.9fc: Size: 0x1cc888
81174.9fc: NT Headers: 0xd8
91174.9fc: Timestamp: 0x5825887f
101174.9fc: Machine: 0x8664 - amd64
111174.9fc: Timestamp: 0x5825887f
121174.9fc: Image Version: 10.0
131174.9fc: SizeOfImage: 0x1d1000 (1904640)
141174.9fc: Resource Dir: 0x168000 LB 0x67988
151174.9fc: ProductName: Microsoft® Windows® Operating System
161174.9fc: ProductVersion: 10.0.14393.479
171174.9fc: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
181174.9fc: FileDescription: NT Layer DLL
191174.9fc: \SystemRoot\System32\kernel32.dll:
201174.9fc: CreationTime: 2016-07-16T11:42:16.155721400Z
211174.9fc: LastWriteTime: 2016-07-16T11:42:16.155721400Z
221174.9fc: ChangeTime: 2016-10-03T04:12:48.135182400Z
231174.9fc: FileAttributes: 0x20
241174.9fc: Size: 0xaade8
251174.9fc: NT Headers: 0xf0
261174.9fc: Timestamp: 0x57899a29
271174.9fc: Machine: 0x8664 - amd64
281174.9fc: Timestamp: 0x57899a29
291174.9fc: Image Version: 10.0
301174.9fc: SizeOfImage: 0xab000 (700416)
311174.9fc: Resource Dir: 0xa9000 LB 0x528
321174.9fc: ProductName: Microsoft® Windows® Operating System
331174.9fc: ProductVersion: 10.0.14393.0
341174.9fc: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
351174.9fc: FileDescription: Windows NT BASE API Client DLL
361174.9fc: \SystemRoot\System32\KernelBase.dll:
371174.9fc: CreationTime: 2017-03-16T17:09:41.395525000Z
381174.9fc: LastWriteTime: 2017-03-04T07:22:41.598640500Z
391174.9fc: ChangeTime: 2017-03-17T16:24:12.435795600Z
401174.9fc: FileAttributes: 0x20
411174.9fc: Size: 0x21c780
421174.9fc: NT Headers: 0xf8
431174.9fc: Timestamp: 0x58ba59e1
441174.9fc: Machine: 0x8664 - amd64
451174.9fc: Timestamp: 0x58ba59e1
461174.9fc: Image Version: 10.0
471174.9fc: SizeOfImage: 0x21d000 (2215936)
481174.9fc: Resource Dir: 0x201000 LB 0x560
491174.9fc: ProductName: Microsoft® Windows® Operating System
501174.9fc: ProductVersion: 10.0.14393.953
511174.9fc: FileVersion: 10.0.14393.953 (rs1_release_inmarket.170303-1614)
521174.9fc: FileDescription: Windows NT BASE API Client DLL
531174.9fc: \SystemRoot\System32\apisetschema.dll:
541174.9fc: CreationTime: 2016-07-16T11:42:21.577586000Z
551174.9fc: LastWriteTime: 2016-07-16T11:42:21.577586000Z
561174.9fc: ChangeTime: 2016-10-03T04:12:39.289161000Z
571174.9fc: FileAttributes: 0x20
581174.9fc: Size: 0x18960
591174.9fc: NT Headers: 0xc8
601174.9fc: Timestamp: 0x57899bd2
611174.9fc: Machine: 0x8664 - amd64
621174.9fc: Timestamp: 0x57899bd2
631174.9fc: Image Version: 10.0
641174.9fc: SizeOfImage: 0x19000 (102400)
651174.9fc: Resource Dir: 0x18000 LB 0x400
661174.9fc: ProductName: Microsoft® Windows® Operating System
671174.9fc: ProductVersion: 10.0.14393.0
681174.9fc: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
691174.9fc: FileDescription: ApiSet Schema DLL
701174.9fc: Found driver klkbdflt (0x40)
711174.9fc: Found driver klmouflt (0x40)
721174.9fc: Found driver KLIM6 (0x40)
731174.9fc: Found driver kl1 (0x40)
741174.9fc: Found driver kneps (0x40)
751174.9fc: Found driver klflt (0x40)
761174.9fc: supR3HardenedWinFindAdversaries: 0x40
771174.9fc: \SystemRoot\System32\drivers\kl1.sys:
781174.9fc: CreationTime: 2016-06-02T01:43:38.000000000Z
791174.9fc: LastWriteTime: 2016-06-02T01:43:38.000000000Z
801174.9fc: ChangeTime: 2016-10-02T18:53:54.949086000Z
811174.9fc: FileAttributes: 0x2020
821174.9fc: Size: 0x875b0
831174.9fc: NT Headers: 0xe8
841174.9fc: Timestamp: 0x56fe83ac
851174.9fc: Machine: 0x8664 - amd64
861174.9fc: Timestamp: 0x56fe83ac
871174.9fc: Image Version: 0.0
881174.9fc: SizeOfImage: 0x709000 (7376896)
891174.9fc: Resource Dir: 0x707000 LB 0x448
901174.9fc: ProductName: Kaspersky Anti-Virus
911174.9fc: ProductVersion: 6.0.1.990
921174.9fc: FileVersion: 6.8.0.67
931174.9fc: FileDescription: Kaspersky Unified Driver
941174.9fc: \SystemRoot\System32\drivers\klflt.sys:
951174.9fc: CreationTime: 2016-03-05T12:00:06.164930400Z
961174.9fc: LastWriteTime: 2017-03-13T18:26:52.914703000Z
971174.9fc: ChangeTime: 2017-03-13T18:26:52.914703000Z
981174.9fc: FileAttributes: 0x20
991174.9fc: Size: 0x2ff18
1001174.9fc: NT Headers: 0x100
1011174.9fc: Timestamp: 0x5864f2cf
1021174.9fc: Machine: 0x8664 - amd64
1031174.9fc: Timestamp: 0x5864f2cf
1041174.9fc: Image Version: 6.2
1051174.9fc: SizeOfImage: 0x3d000 (249856)
1061174.9fc: Resource Dir: 0x3b000 LB 0x418
1071174.9fc: ProductName: System Interceptors PDK
1081174.9fc: ProductVersion: 12.0.31.0
1091174.9fc: FileVersion: 12.0.31.0
1101174.9fc: FileDescription: Filter Core [fre_win8_x64]
1111174.9fc: \SystemRoot\System32\drivers\klif.sys:
1121174.9fc: CreationTime: 2016-03-05T12:00:06.149304400Z
1131174.9fc: LastWriteTime: 2017-03-13T18:26:53.055339400Z
1141174.9fc: ChangeTime: 2017-03-13T18:26:53.055339400Z
1151174.9fc: FileAttributes: 0x20
1161174.9fc: Size: 0xf8718
1171174.9fc: NT Headers: 0x118
1181174.9fc: Timestamp: 0x58adaa67
1191174.9fc: Machine: 0x8664 - amd64
1201174.9fc: Timestamp: 0x58adaa67
1211174.9fc: Image Version: 6.2
1221174.9fc: SizeOfImage: 0xfe000 (1040384)
1231174.9fc: Resource Dir: 0xfb000 LB 0x1fe8
1241174.9fc: ProductName: System Interceptors PDK
1251174.9fc: ProductVersion: 12.0.208.0
1261174.9fc: FileVersion: 12.0.208.0
1271174.9fc: FileDescription: Core System Interceptors [fre_win8_x64]
1281174.9fc: \SystemRoot\System32\drivers\klim6.sys:
1291174.9fc: CreationTime: 2016-06-20T21:41:10.000000000Z
1301174.9fc: LastWriteTime: 2016-12-06T18:40:00.259326400Z
1311174.9fc: ChangeTime: 2016-12-06T18:40:00.259326400Z
1321174.9fc: FileAttributes: 0x20
1331174.9fc: Size: 0xe050
1341174.9fc: NT Headers: 0x108
1351174.9fc: Timestamp: 0x57ee6a18
1361174.9fc: Machine: 0x8664 - amd64
1371174.9fc: Timestamp: 0x57ee6a18
1381174.9fc: Image Version: 6.2
1391174.9fc: SizeOfImage: 0xc000 (49152)
1401174.9fc: Resource Dir: 0xa000 LB 0x430
1411174.9fc: ProductName: System Interceptors PDK
1421174.9fc: ProductVersion: 13.0.0.8
1431174.9fc: FileVersion: 13.0.0.8
1441174.9fc: FileDescription: Packet Network Filter [fre_win8_x64]
1451174.9fc: \SystemRoot\System32\drivers\klkbdflt.sys:
1461174.9fc: CreationTime: 2015-06-06T07:31:42.000000000Z
1471174.9fc: LastWriteTime: 2016-05-18T22:57:36.000000000Z
1481174.9fc: ChangeTime: 2016-12-06T18:40:40.417540300Z
1491174.9fc: FileAttributes: 0x20
1501174.9fc: Size: 0xcba8
1511174.9fc: NT Headers: 0x100
1521174.9fc: Timestamp: 0x5736349d
1531174.9fc: Machine: 0x8664 - amd64
1541174.9fc: Timestamp: 0x5736349d
1551174.9fc: Image Version: 6.2
1561174.9fc: SizeOfImage: 0xc000 (49152)
1571174.9fc: Resource Dir: 0xa000 LB 0x438
1581174.9fc: ProductName: System Interceptors PDK
1591174.9fc: ProductVersion: 12.0.0.1
1601174.9fc: FileVersion: 12.0.0.1
1611174.9fc: FileDescription: Keyboard Device Filter [fre_win8_x64]
1621174.9fc: \SystemRoot\System32\drivers\klmouflt.sys:
1631174.9fc: CreationTime: 2015-06-07T00:52:56.000000000Z
1641174.9fc: LastWriteTime: 2015-06-06T23:52:56.000000000Z
1651174.9fc: ChangeTime: 2016-12-06T18:40:40.823804700Z
1661174.9fc: FileAttributes: 0x20
1671174.9fc: Size: 0xa2b8
1681174.9fc: NT Headers: 0xe8
1691174.9fc: Timestamp: 0x556da33c
1701174.9fc: Machine: 0x8664 - amd64
1711174.9fc: Timestamp: 0x556da33c
1721174.9fc: Image Version: 6.2
1731174.9fc: SizeOfImage: 0xc000 (49152)
1741174.9fc: Resource Dir: 0xa000 LB 0x438
1751174.9fc: ProductName: System Interceptors PDK
1761174.9fc: ProductVersion: 10.0.0.11
1771174.9fc: FileVersion: 10.0.0.11
1781174.9fc: FileDescription: Mouse Device Filter [fre_win8_x64]
1791174.9fc: \SystemRoot\System32\drivers\kneps.sys:
1801174.9fc: CreationTime: 2015-06-23T17:30:50.000000000Z
1811174.9fc: LastWriteTime: 2017-03-13T18:26:53.149089400Z
1821174.9fc: ChangeTime: 2017-03-13T18:26:53.149089400Z
1831174.9fc: FileAttributes: 0x20
1841174.9fc: Size: 0x30ae0
1851174.9fc: NT Headers: 0x108
1861174.9fc: Timestamp: 0x5853b0e1
1871174.9fc: Machine: 0x8664 - amd64
1881174.9fc: Timestamp: 0x5853b0e1
1891174.9fc: Image Version: 5.2
1901174.9fc: SizeOfImage: 0x2d000 (184320)
1911174.9fc: Resource Dir: 0x2b000 LB 0x428
1921174.9fc: ProductName: System Interceptors PDK
1931174.9fc: ProductVersion: 12.0.0.22
1941174.9fc: FileVersion: 12.0.0.22
1951174.9fc: FileDescription: Network Processor [fre_wnet_x64]
1961174.9fc: \SystemRoot\System32\klfphc.dll:
1971174.9fc: CreationTime: 2016-03-05T12:00:43.860065400Z
1981174.9fc: LastWriteTime: 2013-05-06T06:13:26.000000000Z
1991174.9fc: ChangeTime: 2016-09-27T09:21:55.687462100Z
2001174.9fc: FileAttributes: 0x20
2011174.9fc: Size: 0x1ae60
2021174.9fc: NT Headers: 0xe8
2031174.9fc: Timestamp: 0x51873bf2
2041174.9fc: Machine: 0x8664 - amd64
2051174.9fc: Timestamp: 0x51873bf2
2061174.9fc: Image Version: 0.0
2071174.9fc: SizeOfImage: 0x1d000 (118784)
2081174.9fc: Resource Dir: 0x18000 LB 0x3c80
2091174.9fc: ProductName: Kaspersky™ Anti-Virus ®
2101174.9fc: ProductVersion: 1.0.0.12
2111174.9fc: FileVersion: 1.0.0.12
2121174.9fc: FileDescription: Filtering Platform Helper Class
2131174.9fc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2141174.9fc: Calling main()
2151174.9fc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2161174.9fc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2171174.9fc: SUPR3HardenedMain: Respawn #1
2181174.9fc: System32: \Device\HarddiskVolume2\Windows\System32
2191174.9fc: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
2201174.9fc: KnownDllPath: C:\WINDOWS\System32
2211174.9fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2221174.9fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2231174.9fc: supR3HardNtEnableThreadCreation:
2241174.9fc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8c64b9fa0 pvNtTerminateThread=00007ff8c64e6b20
2251174.9fc: supR3HardenedWinDoReSpawn(1): New child 1458.232c [kernel32].
2261174.9fc: supR3HardNtChildGatherData: PebBaseAddress=0000000001118000 cbPeb=0x388
2271174.9fc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8c6440000 uNtDllChildAddr=00007ff8c6440000
2281174.9fc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8c64b9fa0
2291174.9fc: supR3HardenedWinSetupChildInit: Start child.
2301174.9fc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2311174.9fc: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
2321174.9fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2331174.9fc: *0000000000000000-ffffffffff0cffff 0x0001/0x0000 0x0000000
2341174.9fc: *0000000000f30000-0000000000f0ffff 0x0004/0x0004 0x0020000
2351174.9fc: *0000000000f50000-0000000000f39fff 0x0002/0x0002 0x0040000
2361174.9fc: 0000000000f66000-0000000000f5bfff 0x0001/0x0000 0x0000000
2371174.9fc: *0000000000f70000-0000000000f6bfff 0x0002/0x0002 0x0040000
2381174.9fc: 0000000000f74000-0000000000f67fff 0x0001/0x0000 0x0000000
2391174.9fc: *0000000000f80000-0000000000f7dfff 0x0004/0x0004 0x0020000
2401174.9fc: 0000000000f82000-0000000000f03fff 0x0001/0x0000 0x0000000
2411174.9fc: *0000000001000000-0000000000ee7fff 0x0000/0x0004 0x0020000
2421174.9fc: 0000000001118000-0000000001114fff 0x0004/0x0004 0x0020000
2431174.9fc: 000000000111b000-0000000001035fff 0x0000/0x0004 0x0020000
2441174.9fc: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
2451174.9fc: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
2461174.9fc: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
2471174.9fc: 0000000001300000-000000000062ffff 0x0001/0x0000 0x0000000
2481174.9fc: *0000000001fd0000-0000000001fcefff 0x0002/0x0002 0x0020000
2491174.9fc: 0000000001fd1000-0000000001fc1fff 0x0001/0x0000 0x0000000
2501174.9fc: *0000000001fe0000-0000000001fdefff 0x0010/0x0010 0x0020000 !!
2511174.9fc: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000001fe0000 (LB 0x1000, 0000000001fe0000 LB 0x1000)
2521174.9fc: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000001fe0000/0000000001fe0000 LB 0/0x1000]
2531174.9fc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000001fe0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
2541174.9fc: 0000000001fe1000-0000000001fd1fff 0x0001/0x0000 0x0000000
2551174.9fc: *0000000001ff0000-0000000001feefff 0x0004/0x0004 0x0020000
2561174.9fc: 0000000001ff1000-ffffffff84001fff 0x0001/0x0000 0x0000000
2571174.9fc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2581174.9fc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2591174.9fc: 000000007fff0000-ffff800a5e54ffff 0x0001/0x0000 0x0000000
2601174.9fc: *00007ff6a1a90000-00007ff6a1a6cfff 0x0002/0x0002 0x0040000
2611174.9fc: 00007ff6a1ab3000-00007ff6a1575fff 0x0001/0x0000 0x0000000
2621174.9fc: *00007ff6a1ff0000-00007ff6a1ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2631174.9fc: 00007ff6a1ff1000-00007ff6a205ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2641174.9fc: 00007ff6a2060000-00007ff6a2060fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2651174.9fc: 00007ff6a2061000-00007ff6a20a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2661174.9fc: 00007ff6a20a6000-00007ff6a20a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2671174.9fc: 00007ff6a20a7000-00007ff6a20a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2681174.9fc: 00007ff6a20a8000-00007ff6a20acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2691174.9fc: 00007ff6a20ad000-00007ff6a20adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2701174.9fc: 00007ff6a20ae000-00007ff6a20aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2711174.9fc: 00007ff6a20af000-00007ff6a20b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2721174.9fc: 00007ff6a20b3000-00007ff6a20fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2731174.9fc: 00007ff6a20fb000-00007ff47ddb5fff 0x0001/0x0000 0x0000000
2741174.9fc: *00007ff8c6440000-00007ff8c6440fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2751174.9fc: 00007ff8c6441000-00007ff8c6547fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2761174.9fc: 00007ff8c6548000-00007ff8c658bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2771174.9fc: 00007ff8c658c000-00007ff8c6594fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2781174.9fc: 00007ff8c6595000-00007ff8c65a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2791174.9fc: 00007ff8c65a3000-00007ff8c65a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2801174.9fc: 00007ff8c65a4000-00007ff8c65a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2811174.9fc: 00007ff8c65a7000-00007ff8c6610fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2821174.9fc: 00007ff8c6611000-00007ff18cc41fff 0x0001/0x0000 0x0000000
2831174.9fc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
2841174.9fc: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
2851174.9fc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2861174.9fc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2871174.9fc: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x40
2881174.9fc: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
2891174.9fc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2901174.9fc: *0000000000000000-ffffffffff0cffff 0x0001/0x0000 0x0000000
2911174.9fc: *0000000000f30000-0000000000f0ffff 0x0004/0x0004 0x0020000
2921174.9fc: *0000000000f50000-0000000000f39fff 0x0002/0x0002 0x0040000
2931174.9fc: 0000000000f66000-0000000000f5bfff 0x0001/0x0000 0x0000000
2941174.9fc: *0000000000f70000-0000000000f6bfff 0x0002/0x0002 0x0040000
2951174.9fc: 0000000000f74000-0000000000f67fff 0x0001/0x0000 0x0000000
2961174.9fc: *0000000000f80000-0000000000f7dfff 0x0004/0x0004 0x0020000
2971174.9fc: 0000000000f82000-0000000000f03fff 0x0001/0x0000 0x0000000
2981174.9fc: *0000000001000000-0000000000ee7fff 0x0000/0x0004 0x0020000
2991174.9fc: 0000000001118000-0000000001114fff 0x0004/0x0004 0x0020000
3001174.9fc: 000000000111b000-0000000001035fff 0x0000/0x0004 0x0020000
3011174.9fc: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
3021174.9fc: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
3031174.9fc: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
3041174.9fc: 0000000001300000-000000000062ffff 0x0001/0x0000 0x0000000
3051174.9fc: *0000000001fd0000-0000000001fcefff 0x0002/0x0002 0x0020000
3061174.9fc: 0000000001fd1000-0000000001fb1fff 0x0001/0x0000 0x0000000
3071174.9fc: *0000000001ff0000-0000000001feefff 0x0004/0x0004 0x0020000
3081174.9fc: 0000000001ff1000-ffffffff84001fff 0x0001/0x0000 0x0000000
3091174.9fc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
3101174.9fc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
3111174.9fc: 000000007fff0000-ffff800a5e54ffff 0x0001/0x0000 0x0000000
3121174.9fc: *00007ff6a1a90000-00007ff6a1a6cfff 0x0002/0x0002 0x0040000
3131174.9fc: 00007ff6a1ab3000-00007ff6a1575fff 0x0001/0x0000 0x0000000
3141174.9fc: *00007ff6a1ff0000-00007ff6a1ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3151174.9fc: 00007ff6a1ff1000-00007ff6a205ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3161174.9fc: 00007ff6a2060000-00007ff6a2060fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3171174.9fc: 00007ff6a2061000-00007ff6a20a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3181174.9fc: 00007ff6a20a6000-00007ff6a20b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3191174.9fc: 00007ff6a20b3000-00007ff6a20fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3201174.9fc: 00007ff6a20fb000-00007ff47ddb5fff 0x0001/0x0000 0x0000000
3211174.9fc: *00007ff8c6440000-00007ff8c6440fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3221174.9fc: 00007ff8c6441000-00007ff8c6547fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3231174.9fc: 00007ff8c6548000-00007ff8c658bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3241174.9fc: 00007ff8c658c000-00007ff8c658ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3251174.9fc: 00007ff8c6590000-00007ff8c6594fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3261174.9fc: 00007ff8c6595000-00007ff8c65a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3271174.9fc: 00007ff8c65a3000-00007ff8c65a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3281174.9fc: 00007ff8c65a4000-00007ff8c65a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3291174.9fc: 00007ff8c65a7000-00007ff8c6610fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3301174.9fc: 00007ff8c6611000-00007ff18cc41fff 0x0001/0x0000 0x0000000
3311174.9fc: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
3321174.9fc: supR3HardNtChildPurify: Done after 1345 ms and 1 fixes (loop #1).
3331458.232c: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
3341458.232c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8c6440000 g_uNtVerCombined=0xa0383900
3351458.232c: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
3361458.232c: New simple heap: #1 0000000001400000 LB 0x400000 (for 1904640 allocation)
3371174.9fc: supR3HardNtEnableThreadCreation:
3381458.232c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3391458.232c: System32: \Device\HarddiskVolume2\Windows\System32
3401458.232c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
3411458.232c: KnownDllPath: C:\WINDOWS\System32
3421458.232c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3431458.232c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3441458.232c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3451458.232c: Registered Dll notification callback with NTDLL.
3461458.232c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3471458.232c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3481458.232c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3491458.232c: supR3HardenedDllNotificationCallback: load 00007ff8c31c0000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3501458.232c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3511458.232c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3521458.232c: supR3HardenedDllNotificationCallback: load 00007ff8c4f80000 LB 0x000ab000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3531458.232c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3541458.232c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c4f80000 'C:\WINDOWS\System32\KERNEL32.DLL'
3551458.232c: supR3HardenedDllNotificationCallback: load 00007ff6a1ff0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3561458.232c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3571458.232c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3581458.232c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3591458.232c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8c64b9fa0 pvNtTerminateThread=00007ff8c64e6b20
3601174.9fc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 76 ms.
3611458.232c: \SystemRoot\System32\ntdll.dll:
3621458.232c: CreationTime: 2016-12-11T13:52:06.135396300Z
3631458.232c: LastWriteTime: 2016-11-11T10:13:03.409595100Z
3641458.232c: ChangeTime: 2017-03-16T19:37:12.370136600Z
3651458.232c: FileAttributes: 0x20
3661458.232c: Size: 0x1cc888
3671458.232c: NT Headers: 0xd8
3681458.232c: Timestamp: 0x5825887f
3691458.232c: Machine: 0x8664 - amd64
3701458.232c: Timestamp: 0x5825887f
3711458.232c: Image Version: 10.0
3721458.232c: SizeOfImage: 0x1d1000 (1904640)
3731458.232c: Resource Dir: 0x168000 LB 0x67988
3741458.232c: ProductName: Microsoft® Windows® Operating System
3751458.232c: ProductVersion: 10.0.14393.479
3761458.232c: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
3771458.232c: FileDescription: NT Layer DLL
3781458.232c: \SystemRoot\System32\kernel32.dll:
3791458.232c: CreationTime: 2016-07-16T11:42:16.155721400Z
3801458.232c: LastWriteTime: 2016-07-16T11:42:16.155721400Z
3811458.232c: ChangeTime: 2016-10-03T04:12:48.135182400Z
3821458.232c: FileAttributes: 0x20
3831458.232c: Size: 0xaade8
3841458.232c: NT Headers: 0xf0
3851458.232c: Timestamp: 0x57899a29
3861458.232c: Machine: 0x8664 - amd64
3871458.232c: Timestamp: 0x57899a29
3881458.232c: Image Version: 10.0
3891458.232c: SizeOfImage: 0xab000 (700416)
3901458.232c: Resource Dir: 0xa9000 LB 0x528
3911458.232c: ProductName: Microsoft® Windows® Operating System
3921458.232c: ProductVersion: 10.0.14393.0
3931458.232c: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
3941458.232c: FileDescription: Windows NT BASE API Client DLL
3951458.232c: \SystemRoot\System32\KernelBase.dll:
3961458.232c: CreationTime: 2017-03-16T17:09:41.395525000Z
3971458.232c: LastWriteTime: 2017-03-04T07:22:41.598640500Z
3981458.232c: ChangeTime: 2017-03-17T16:24:12.435795600Z
3991458.232c: FileAttributes: 0x20
4001458.232c: Size: 0x21c780
4011458.232c: NT Headers: 0xf8
4021458.232c: Timestamp: 0x58ba59e1
4031458.232c: Machine: 0x8664 - amd64
4041458.232c: Timestamp: 0x58ba59e1
4051458.232c: Image Version: 10.0
4061458.232c: SizeOfImage: 0x21d000 (2215936)
4071458.232c: Resource Dir: 0x201000 LB 0x560
4081458.232c: ProductName: Microsoft® Windows® Operating System
4091458.232c: ProductVersion: 10.0.14393.953
4101458.232c: FileVersion: 10.0.14393.953 (rs1_release_inmarket.170303-1614)
4111458.232c: FileDescription: Windows NT BASE API Client DLL
4121458.232c: \SystemRoot\System32\apisetschema.dll:
4131458.232c: CreationTime: 2016-07-16T11:42:21.577586000Z
4141458.232c: LastWriteTime: 2016-07-16T11:42:21.577586000Z
4151458.232c: ChangeTime: 2016-10-03T04:12:39.289161000Z
4161458.232c: FileAttributes: 0x20
4171458.232c: Size: 0x18960
4181458.232c: NT Headers: 0xc8
4191458.232c: Timestamp: 0x57899bd2
4201458.232c: Machine: 0x8664 - amd64
4211458.232c: Timestamp: 0x57899bd2
4221458.232c: Image Version: 10.0
4231458.232c: SizeOfImage: 0x19000 (102400)
4241458.232c: Resource Dir: 0x18000 LB 0x400
4251458.232c: ProductName: Microsoft® Windows® Operating System
4261458.232c: ProductVersion: 10.0.14393.0
4271458.232c: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
4281458.232c: FileDescription: ApiSet Schema DLL
4291458.232c: Found driver klkbdflt (0x40)
4301458.232c: Found driver klmouflt (0x40)
4311458.232c: Found driver KLIM6 (0x40)
4321458.232c: Found driver kl1 (0x40)
4331458.232c: Found driver kneps (0x40)
4341458.232c: Found driver klflt (0x40)
4351458.232c: supR3HardenedWinFindAdversaries: 0x40
4361458.232c: \SystemRoot\System32\drivers\kl1.sys:
4371458.232c: CreationTime: 2016-06-02T01:43:38.000000000Z
4381458.232c: LastWriteTime: 2016-06-02T01:43:38.000000000Z
4391458.232c: ChangeTime: 2016-10-02T18:53:54.949086000Z
4401458.232c: FileAttributes: 0x2020
4411458.232c: Size: 0x875b0
4421458.232c: NT Headers: 0xe8
4431458.232c: Timestamp: 0x56fe83ac
4441458.232c: Machine: 0x8664 - amd64
4451458.232c: Timestamp: 0x56fe83ac
4461458.232c: Image Version: 0.0
4471458.232c: SizeOfImage: 0x709000 (7376896)
4481458.232c: Resource Dir: 0x707000 LB 0x448
4491458.232c: ProductName: Kaspersky Anti-Virus
4501458.232c: ProductVersion: 6.0.1.990
4511458.232c: FileVersion: 6.8.0.67
4521458.232c: FileDescription: Kaspersky Unified Driver
4531458.232c: \SystemRoot\System32\drivers\klflt.sys:
4541458.232c: CreationTime: 2016-03-05T12:00:06.164930400Z
4551458.232c: LastWriteTime: 2017-03-13T18:26:52.914703000Z
4561458.232c: ChangeTime: 2017-03-13T18:26:52.914703000Z
4571458.232c: FileAttributes: 0x20
4581458.232c: Size: 0x2ff18
4591458.232c: NT Headers: 0x100
4601458.232c: Timestamp: 0x5864f2cf
4611458.232c: Machine: 0x8664 - amd64
4621458.232c: Timestamp: 0x5864f2cf
4631458.232c: Image Version: 6.2
4641458.232c: SizeOfImage: 0x3d000 (249856)
4651458.232c: Resource Dir: 0x3b000 LB 0x418
4661458.232c: ProductName: System Interceptors PDK
4671458.232c: ProductVersion: 12.0.31.0
4681458.232c: FileVersion: 12.0.31.0
4691458.232c: FileDescription: Filter Core [fre_win8_x64]
4701458.232c: \SystemRoot\System32\drivers\klif.sys:
4711458.232c: CreationTime: 2016-03-05T12:00:06.149304400Z
4721458.232c: LastWriteTime: 2017-03-13T18:26:53.055339400Z
4731458.232c: ChangeTime: 2017-03-13T18:26:53.055339400Z
4741458.232c: FileAttributes: 0x20
4751458.232c: Size: 0xf8718
4761458.232c: NT Headers: 0x118
4771458.232c: Timestamp: 0x58adaa67
4781458.232c: Machine: 0x8664 - amd64
4791458.232c: Timestamp: 0x58adaa67
4801458.232c: Image Version: 6.2
4811458.232c: SizeOfImage: 0xfe000 (1040384)
4821458.232c: Resource Dir: 0xfb000 LB 0x1fe8
4831458.232c: ProductName: System Interceptors PDK
4841458.232c: ProductVersion: 12.0.208.0
4851458.232c: FileVersion: 12.0.208.0
4861458.232c: FileDescription: Core System Interceptors [fre_win8_x64]
4871458.232c: \SystemRoot\System32\drivers\klim6.sys:
4881458.232c: CreationTime: 2016-06-20T21:41:10.000000000Z
4891458.232c: LastWriteTime: 2016-12-06T18:40:00.259326400Z
4901458.232c: ChangeTime: 2016-12-06T18:40:00.259326400Z
4911458.232c: FileAttributes: 0x20
4921458.232c: Size: 0xe050
4931458.232c: NT Headers: 0x108
4941458.232c: Timestamp: 0x57ee6a18
4951458.232c: Machine: 0x8664 - amd64
4961458.232c: Timestamp: 0x57ee6a18
4971458.232c: Image Version: 6.2
4981458.232c: SizeOfImage: 0xc000 (49152)
4991458.232c: Resource Dir: 0xa000 LB 0x430
5001458.232c: ProductName: System Interceptors PDK
5011458.232c: ProductVersion: 13.0.0.8
5021458.232c: FileVersion: 13.0.0.8
5031458.232c: FileDescription: Packet Network Filter [fre_win8_x64]
5041458.232c: \SystemRoot\System32\drivers\klkbdflt.sys:
5051458.232c: CreationTime: 2015-06-06T07:31:42.000000000Z
5061458.232c: LastWriteTime: 2016-05-18T22:57:36.000000000Z
5071458.232c: ChangeTime: 2016-12-06T18:40:40.417540300Z
5081458.232c: FileAttributes: 0x20
5091458.232c: Size: 0xcba8
5101458.232c: NT Headers: 0x100
5111458.232c: Timestamp: 0x5736349d
5121458.232c: Machine: 0x8664 - amd64
5131458.232c: Timestamp: 0x5736349d
5141458.232c: Image Version: 6.2
5151458.232c: SizeOfImage: 0xc000 (49152)
5161458.232c: Resource Dir: 0xa000 LB 0x438
5171458.232c: ProductName: System Interceptors PDK
5181458.232c: ProductVersion: 12.0.0.1
5191458.232c: FileVersion: 12.0.0.1
5201458.232c: FileDescription: Keyboard Device Filter [fre_win8_x64]
5211458.232c: \SystemRoot\System32\drivers\klmouflt.sys:
5221458.232c: CreationTime: 2015-06-07T00:52:56.000000000Z
5231458.232c: LastWriteTime: 2015-06-06T23:52:56.000000000Z
5241458.232c: ChangeTime: 2016-12-06T18:40:40.823804700Z
5251458.232c: FileAttributes: 0x20
5261458.232c: Size: 0xa2b8
5271458.232c: NT Headers: 0xe8
5281458.232c: Timestamp: 0x556da33c
5291458.232c: Machine: 0x8664 - amd64
5301458.232c: Timestamp: 0x556da33c
5311458.232c: Image Version: 6.2
5321458.232c: SizeOfImage: 0xc000 (49152)
5331458.232c: Resource Dir: 0xa000 LB 0x438
5341458.232c: ProductName: System Interceptors PDK
5351458.232c: ProductVersion: 10.0.0.11
5361458.232c: FileVersion: 10.0.0.11
5371458.232c: FileDescription: Mouse Device Filter [fre_win8_x64]
5381458.232c: \SystemRoot\System32\drivers\kneps.sys:
5391458.232c: CreationTime: 2015-06-23T17:30:50.000000000Z
5401458.232c: LastWriteTime: 2017-03-13T18:26:53.149089400Z
5411458.232c: ChangeTime: 2017-03-13T18:26:53.149089400Z
5421458.232c: FileAttributes: 0x20
5431458.232c: Size: 0x30ae0
5441458.232c: NT Headers: 0x108
5451458.232c: Timestamp: 0x5853b0e1
5461458.232c: Machine: 0x8664 - amd64
5471458.232c: Timestamp: 0x5853b0e1
5481458.232c: Image Version: 5.2
5491458.232c: SizeOfImage: 0x2d000 (184320)
5501458.232c: Resource Dir: 0x2b000 LB 0x428
5511458.232c: ProductName: System Interceptors PDK
5521458.232c: ProductVersion: 12.0.0.22
5531458.232c: FileVersion: 12.0.0.22
5541458.232c: FileDescription: Network Processor [fre_wnet_x64]
5551458.232c: \SystemRoot\System32\klfphc.dll:
5561458.232c: CreationTime: 2016-03-05T12:00:43.860065400Z
5571458.232c: LastWriteTime: 2013-05-06T06:13:26.000000000Z
5581458.232c: ChangeTime: 2016-09-27T09:21:55.687462100Z
5591458.232c: FileAttributes: 0x20
5601458.232c: Size: 0x1ae60
5611458.232c: NT Headers: 0xe8
5621458.232c: Timestamp: 0x51873bf2
5631458.232c: Machine: 0x8664 - amd64
5641458.232c: Timestamp: 0x51873bf2
5651458.232c: Image Version: 0.0
5661458.232c: SizeOfImage: 0x1d000 (118784)
5671458.232c: Resource Dir: 0x18000 LB 0x3c80
5681458.232c: ProductName: Kaspersky™ Anti-Virus ®
5691458.232c: ProductVersion: 1.0.0.12
5701458.232c: FileVersion: 1.0.0.12
5711458.232c: FileDescription: Filtering Platform Helper Class
5721458.232c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5731458.232c: Calling main()
5741458.232c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5751458.232c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5761458.232c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5771458.232c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5781458.232c: SUPR3HardenedMain: Respawn #2
5791458.232c: supR3HardNtEnableThreadCreation:
5801458.232c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
5811458.232c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
5821458.232c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5831458.232c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5841458.232c: supR3HardenedDllNotificationCallback: load 00007ff8c0e40000 LB 0x0007a000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
5851458.232c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5861458.232c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c0e40000 'C:\WINDOWS\system32\apphelp.dll'
5871458.232c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8c64b9fa0 pvNtTerminateThread=00007ff8c64e6b20
5881458.232c: supR3HardenedWinDoReSpawn(2): New child 24d0.229c [kernel32].
5891458.232c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
5901458.232c: supR3HardNtChildGatherData: PebBaseAddress=0000000000712000 cbPeb=0x388
5911458.232c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8c6440000 uNtDllChildAddr=00007ff8c6440000
5921458.232c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8c64b9fa0
5931458.232c: supR3HardenedWinSetupChildInit: Start child.
5941458.232c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
5951458.232c: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 52 sleeps
5961458.232c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5971458.232c: *0000000000000000-ffffffffffa8ffff 0x0001/0x0000 0x0000000
5981458.232c: *0000000000570000-000000000054ffff 0x0004/0x0004 0x0020000
5991458.232c: *0000000000590000-0000000000579fff 0x0002/0x0002 0x0040000
6001458.232c: 00000000005a6000-000000000059bfff 0x0001/0x0000 0x0000000
6011458.232c: *00000000005b0000-00000000005abfff 0x0002/0x0002 0x0040000
6021458.232c: 00000000005b4000-00000000005a7fff 0x0001/0x0000 0x0000000
6031458.232c: *00000000005c0000-00000000005bdfff 0x0004/0x0004 0x0020000
6041458.232c: 00000000005c2000-0000000000583fff 0x0001/0x0000 0x0000000
6051458.232c: *0000000000600000-00000000004edfff 0x0000/0x0004 0x0020000
6061458.232c: 0000000000712000-000000000070efff 0x0004/0x0004 0x0020000
6071458.232c: 0000000000715000-0000000000629fff 0x0000/0x0004 0x0020000
6081458.232c: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000
6091458.232c: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000
6101458.232c: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000
6111458.232c: 0000000000900000-ffffffffff22ffff 0x0001/0x0000 0x0000000
6121458.232c: *0000000001fd0000-0000000001fcefff 0x0002/0x0002 0x0020000
6131458.232c: 0000000001fd1000-0000000001fc1fff 0x0001/0x0000 0x0000000
6141458.232c: *0000000001fe0000-0000000001fdefff 0x0010/0x0010 0x0020000 !!
6151458.232c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000001fe0000 (LB 0x1000, 0000000001fe0000 LB 0x1000)
6161458.232c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000001fe0000/0000000001fe0000 LB 0/0x1000]
6171458.232c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000001fe0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
6181458.232c: 0000000001fe1000-0000000001fd1fff 0x0001/0x0000 0x0000000
6191458.232c: *0000000001ff0000-0000000001feefff 0x0004/0x0004 0x0020000
6201458.232c: 0000000001ff1000-ffffffff84001fff 0x0001/0x0000 0x0000000
6211458.232c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
6221458.232c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
6231458.232c: 000000007fff0000-ffff800a5eeeffff 0x0001/0x0000 0x0000000
6241458.232c: *00007ff6a10f0000-00007ff6a10ccfff 0x0002/0x0002 0x0040000
6251458.232c: 00007ff6a1113000-00007ff6a0235fff 0x0001/0x0000 0x0000000
6261458.232c: *00007ff6a1ff0000-00007ff6a1ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6271458.232c: 00007ff6a1ff1000-00007ff6a205ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6281458.232c: 00007ff6a2060000-00007ff6a2060fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6291458.232c: 00007ff6a2061000-00007ff6a20a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6301458.232c: 00007ff6a20a6000-00007ff6a20a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6311458.232c: 00007ff6a20a7000-00007ff6a20a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6321458.232c: 00007ff6a20a8000-00007ff6a20acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6331458.232c: 00007ff6a20ad000-00007ff6a20adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6341458.232c: 00007ff6a20ae000-00007ff6a20aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6351458.232c: 00007ff6a20af000-00007ff6a20b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6361458.232c: 00007ff6a20b3000-00007ff6a20fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6371458.232c: 00007ff6a20fb000-00007ff47ddb5fff 0x0001/0x0000 0x0000000
6381458.232c: *00007ff8c6440000-00007ff8c6440fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6391458.232c: 00007ff8c6441000-00007ff8c6547fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6401458.232c: 00007ff8c6548000-00007ff8c658bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6411458.232c: 00007ff8c658c000-00007ff8c6594fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6421458.232c: 00007ff8c6595000-00007ff8c65a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6431458.232c: 00007ff8c65a3000-00007ff8c65a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6441458.232c: 00007ff8c65a4000-00007ff8c65a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6451458.232c: 00007ff8c65a7000-00007ff8c6610fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6461458.232c: 00007ff8c6611000-00007ff18cc41fff 0x0001/0x0000 0x0000000
6471458.232c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
6481458.232c: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
6491458.232c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
6501458.232c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
6511458.232c: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x40
6521458.232c: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
6531458.232c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
6541458.232c: *0000000000000000-ffffffffffa8ffff 0x0001/0x0000 0x0000000
6551458.232c: *0000000000570000-000000000054ffff 0x0004/0x0004 0x0020000
6561458.232c: *0000000000590000-0000000000579fff 0x0002/0x0002 0x0040000
6571458.232c: 00000000005a6000-000000000059bfff 0x0001/0x0000 0x0000000
6581458.232c: *00000000005b0000-00000000005abfff 0x0002/0x0002 0x0040000
6591458.232c: 00000000005b4000-00000000005a7fff 0x0001/0x0000 0x0000000
6601458.232c: *00000000005c0000-00000000005bdfff 0x0004/0x0004 0x0020000
6611458.232c: 00000000005c2000-0000000000583fff 0x0001/0x0000 0x0000000
6621458.232c: *0000000000600000-00000000004edfff 0x0000/0x0004 0x0020000
6631458.232c: 0000000000712000-000000000070efff 0x0004/0x0004 0x0020000
6641458.232c: 0000000000715000-0000000000629fff 0x0000/0x0004 0x0020000
6651458.232c: *0000000000800000-0000000000704fff 0x0000/0x0004 0x0020000
6661458.232c: 00000000008fb000-00000000008f7fff 0x0104/0x0004 0x0020000
6671458.232c: 00000000008fe000-00000000008fbfff 0x0004/0x0004 0x0020000
6681458.232c: 0000000000900000-ffffffffff22ffff 0x0001/0x0000 0x0000000
6691458.232c: *0000000001fd0000-0000000001fcefff 0x0002/0x0002 0x0020000
6701458.232c: 0000000001fd1000-0000000001fb1fff 0x0001/0x0000 0x0000000
6711458.232c: *0000000001ff0000-0000000001feefff 0x0004/0x0004 0x0020000
6721458.232c: 0000000001ff1000-ffffffff84001fff 0x0001/0x0000 0x0000000
6731458.232c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
6741458.232c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
6751458.232c: 000000007fff0000-ffff800a5eeeffff 0x0001/0x0000 0x0000000
6761458.232c: *00007ff6a10f0000-00007ff6a10ccfff 0x0002/0x0002 0x0040000
6771458.232c: 00007ff6a1113000-00007ff6a0235fff 0x0001/0x0000 0x0000000
6781458.232c: *00007ff6a1ff0000-00007ff6a1ff0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6791458.232c: 00007ff6a1ff1000-00007ff6a205ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6801458.232c: 00007ff6a2060000-00007ff6a2060fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6811458.232c: 00007ff6a2061000-00007ff6a20a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6821458.232c: 00007ff6a20a6000-00007ff6a20b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6831458.232c: 00007ff6a20b3000-00007ff6a20fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
6841458.232c: 00007ff6a20fb000-00007ff47ddb5fff 0x0001/0x0000 0x0000000
6851458.232c: *00007ff8c6440000-00007ff8c6440fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6861458.232c: 00007ff8c6441000-00007ff8c6547fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6871458.232c: 00007ff8c6548000-00007ff8c658bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6881458.232c: 00007ff8c658c000-00007ff8c658ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6891458.232c: 00007ff8c6590000-00007ff8c6594fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6901458.232c: 00007ff8c6595000-00007ff8c65a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6911458.232c: 00007ff8c65a3000-00007ff8c65a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6921458.232c: 00007ff8c65a4000-00007ff8c65a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6931458.232c: 00007ff8c65a7000-00007ff8c6610fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
6941458.232c: 00007ff8c6611000-00007ff18cc41fff 0x0001/0x0000 0x0000000
6951458.232c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
6961458.232c: supR3HardNtChildPurify: Done after 1287 ms and 1 fixes (loop #1).
69724d0.229c: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0383900
69824d0.229c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8c6440000 g_uNtVerCombined=0xa0383900
69924d0.229c: ntdll.dll: timestamp 0x5825887f (rc=VINF_SUCCESS)
70024d0.229c: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1904640 allocation)
7011458.232c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
7021458.232c: supR3HardNtEnableThreadCreation:
70324d0.229c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
70424d0.229c: System32: \Device\HarddiskVolume2\Windows\System32
70524d0.229c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
70624d0.229c: KnownDllPath: C:\WINDOWS\System32
70724d0.229c: supR3HardenedVmProcessInit: Opening vboxdrv...
70824d0.229c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
70924d0.229c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
71024d0.229c: Registered Dll notification callback with NTDLL.
71124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
71224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
71324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
71424d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c31c0000 LB 0x0021d000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
71524d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
71624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
71724d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c4f80000 LB 0x000ab000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
71824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
71924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c4f80000 'C:\WINDOWS\System32\KERNEL32.DLL'
72024d0.229c: supR3HardenedDllNotificationCallback: load 00007ff6a1ff0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
72124d0.229c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
72224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
72324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
72424d0.229c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8c64b9fa0 pvNtTerminateThread=00007ff8c64e6b20
7251458.232c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 78 ms.
72624d0.229c: \SystemRoot\System32\ntdll.dll:
72724d0.229c: CreationTime: 2016-12-11T13:52:06.135396300Z
72824d0.229c: LastWriteTime: 2016-11-11T10:13:03.409595100Z
72924d0.229c: ChangeTime: 2017-03-16T19:37:12.370136600Z
73024d0.229c: FileAttributes: 0x20
73124d0.229c: Size: 0x1cc888
73224d0.229c: NT Headers: 0xd8
73324d0.229c: Timestamp: 0x5825887f
73424d0.229c: Machine: 0x8664 - amd64
73524d0.229c: Timestamp: 0x5825887f
73624d0.229c: Image Version: 10.0
73724d0.229c: SizeOfImage: 0x1d1000 (1904640)
73824d0.229c: Resource Dir: 0x168000 LB 0x67988
73924d0.229c: ProductName: Microsoft® Windows® Operating System
74024d0.229c: ProductVersion: 10.0.14393.479
74124d0.229c: FileVersion: 10.0.14393.479 (rs1_release.161110-2025)
74224d0.229c: FileDescription: NT Layer DLL
74324d0.229c: \SystemRoot\System32\kernel32.dll:
74424d0.229c: CreationTime: 2016-07-16T11:42:16.155721400Z
74524d0.229c: LastWriteTime: 2016-07-16T11:42:16.155721400Z
74624d0.229c: ChangeTime: 2016-10-03T04:12:48.135182400Z
74724d0.229c: FileAttributes: 0x20
74824d0.229c: Size: 0xaade8
74924d0.229c: NT Headers: 0xf0
75024d0.229c: Timestamp: 0x57899a29
75124d0.229c: Machine: 0x8664 - amd64
75224d0.229c: Timestamp: 0x57899a29
75324d0.229c: Image Version: 10.0
75424d0.229c: SizeOfImage: 0xab000 (700416)
75524d0.229c: Resource Dir: 0xa9000 LB 0x528
75624d0.229c: ProductName: Microsoft® Windows® Operating System
75724d0.229c: ProductVersion: 10.0.14393.0
75824d0.229c: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
75924d0.229c: FileDescription: Windows NT BASE API Client DLL
76024d0.229c: \SystemRoot\System32\KernelBase.dll:
76124d0.229c: CreationTime: 2017-03-16T17:09:41.395525000Z
76224d0.229c: LastWriteTime: 2017-03-04T07:22:41.598640500Z
76324d0.229c: ChangeTime: 2017-03-17T16:24:12.435795600Z
76424d0.229c: FileAttributes: 0x20
76524d0.229c: Size: 0x21c780
76624d0.229c: NT Headers: 0xf8
76724d0.229c: Timestamp: 0x58ba59e1
76824d0.229c: Machine: 0x8664 - amd64
76924d0.229c: Timestamp: 0x58ba59e1
77024d0.229c: Image Version: 10.0
77124d0.229c: SizeOfImage: 0x21d000 (2215936)
77224d0.229c: Resource Dir: 0x201000 LB 0x560
77324d0.229c: ProductName: Microsoft® Windows® Operating System
77424d0.229c: ProductVersion: 10.0.14393.953
77524d0.229c: FileVersion: 10.0.14393.953 (rs1_release_inmarket.170303-1614)
77624d0.229c: FileDescription: Windows NT BASE API Client DLL
77724d0.229c: \SystemRoot\System32\apisetschema.dll:
77824d0.229c: CreationTime: 2016-07-16T11:42:21.577586000Z
77924d0.229c: LastWriteTime: 2016-07-16T11:42:21.577586000Z
78024d0.229c: ChangeTime: 2016-10-03T04:12:39.289161000Z
78124d0.229c: FileAttributes: 0x20
78224d0.229c: Size: 0x18960
78324d0.229c: NT Headers: 0xc8
78424d0.229c: Timestamp: 0x57899bd2
78524d0.229c: Machine: 0x8664 - amd64
78624d0.229c: Timestamp: 0x57899bd2
78724d0.229c: Image Version: 10.0
78824d0.229c: SizeOfImage: 0x19000 (102400)
78924d0.229c: Resource Dir: 0x18000 LB 0x400
79024d0.229c: ProductName: Microsoft® Windows® Operating System
79124d0.229c: ProductVersion: 10.0.14393.0
79224d0.229c: FileVersion: 10.0.14393.0 (rs1_release.160715-1616)
79324d0.229c: FileDescription: ApiSet Schema DLL
79424d0.229c: Found driver klkbdflt (0x40)
79524d0.229c: Found driver klmouflt (0x40)
79624d0.229c: Found driver KLIM6 (0x40)
79724d0.229c: Found driver kl1 (0x40)
79824d0.229c: Found driver kneps (0x40)
79924d0.229c: Found driver klflt (0x40)
80024d0.229c: supR3HardenedWinFindAdversaries: 0x40
80124d0.229c: \SystemRoot\System32\drivers\kl1.sys:
80224d0.229c: CreationTime: 2016-06-02T01:43:38.000000000Z
80324d0.229c: LastWriteTime: 2016-06-02T01:43:38.000000000Z
80424d0.229c: ChangeTime: 2016-10-02T18:53:54.949086000Z
80524d0.229c: FileAttributes: 0x2020
80624d0.229c: Size: 0x875b0
80724d0.229c: NT Headers: 0xe8
80824d0.229c: Timestamp: 0x56fe83ac
80924d0.229c: Machine: 0x8664 - amd64
81024d0.229c: Timestamp: 0x56fe83ac
81124d0.229c: Image Version: 0.0
81224d0.229c: SizeOfImage: 0x709000 (7376896)
81324d0.229c: Resource Dir: 0x707000 LB 0x448
81424d0.229c: ProductName: Kaspersky Anti-Virus
81524d0.229c: ProductVersion: 6.0.1.990
81624d0.229c: FileVersion: 6.8.0.67
81724d0.229c: FileDescription: Kaspersky Unified Driver
81824d0.229c: \SystemRoot\System32\drivers\klflt.sys:
81924d0.229c: CreationTime: 2016-03-05T12:00:06.164930400Z
82024d0.229c: LastWriteTime: 2017-03-13T18:26:52.914703000Z
82124d0.229c: ChangeTime: 2017-03-13T18:26:52.914703000Z
82224d0.229c: FileAttributes: 0x20
82324d0.229c: Size: 0x2ff18
82424d0.229c: NT Headers: 0x100
82524d0.229c: Timestamp: 0x5864f2cf
82624d0.229c: Machine: 0x8664 - amd64
82724d0.229c: Timestamp: 0x5864f2cf
82824d0.229c: Image Version: 6.2
82924d0.229c: SizeOfImage: 0x3d000 (249856)
83024d0.229c: Resource Dir: 0x3b000 LB 0x418
83124d0.229c: ProductName: System Interceptors PDK
83224d0.229c: ProductVersion: 12.0.31.0
83324d0.229c: FileVersion: 12.0.31.0
83424d0.229c: FileDescription: Filter Core [fre_win8_x64]
83524d0.229c: \SystemRoot\System32\drivers\klif.sys:
83624d0.229c: CreationTime: 2016-03-05T12:00:06.149304400Z
83724d0.229c: LastWriteTime: 2017-03-13T18:26:53.055339400Z
83824d0.229c: ChangeTime: 2017-03-13T18:26:53.055339400Z
83924d0.229c: FileAttributes: 0x20
84024d0.229c: Size: 0xf8718
84124d0.229c: NT Headers: 0x118
84224d0.229c: Timestamp: 0x58adaa67
84324d0.229c: Machine: 0x8664 - amd64
84424d0.229c: Timestamp: 0x58adaa67
84524d0.229c: Image Version: 6.2
84624d0.229c: SizeOfImage: 0xfe000 (1040384)
84724d0.229c: Resource Dir: 0xfb000 LB 0x1fe8
84824d0.229c: ProductName: System Interceptors PDK
84924d0.229c: ProductVersion: 12.0.208.0
85024d0.229c: FileVersion: 12.0.208.0
85124d0.229c: FileDescription: Core System Interceptors [fre_win8_x64]
85224d0.229c: \SystemRoot\System32\drivers\klim6.sys:
85324d0.229c: CreationTime: 2016-06-20T21:41:10.000000000Z
85424d0.229c: LastWriteTime: 2016-12-06T18:40:00.259326400Z
85524d0.229c: ChangeTime: 2016-12-06T18:40:00.259326400Z
85624d0.229c: FileAttributes: 0x20
85724d0.229c: Size: 0xe050
85824d0.229c: NT Headers: 0x108
85924d0.229c: Timestamp: 0x57ee6a18
86024d0.229c: Machine: 0x8664 - amd64
86124d0.229c: Timestamp: 0x57ee6a18
86224d0.229c: Image Version: 6.2
86324d0.229c: SizeOfImage: 0xc000 (49152)
86424d0.229c: Resource Dir: 0xa000 LB 0x430
86524d0.229c: ProductName: System Interceptors PDK
86624d0.229c: ProductVersion: 13.0.0.8
86724d0.229c: FileVersion: 13.0.0.8
86824d0.229c: FileDescription: Packet Network Filter [fre_win8_x64]
86924d0.229c: \SystemRoot\System32\drivers\klkbdflt.sys:
87024d0.229c: CreationTime: 2015-06-06T07:31:42.000000000Z
87124d0.229c: LastWriteTime: 2016-05-18T22:57:36.000000000Z
87224d0.229c: ChangeTime: 2016-12-06T18:40:40.417540300Z
87324d0.229c: FileAttributes: 0x20
87424d0.229c: Size: 0xcba8
87524d0.229c: NT Headers: 0x100
87624d0.229c: Timestamp: 0x5736349d
87724d0.229c: Machine: 0x8664 - amd64
87824d0.229c: Timestamp: 0x5736349d
87924d0.229c: Image Version: 6.2
88024d0.229c: SizeOfImage: 0xc000 (49152)
88124d0.229c: Resource Dir: 0xa000 LB 0x438
88224d0.229c: ProductName: System Interceptors PDK
88324d0.229c: ProductVersion: 12.0.0.1
88424d0.229c: FileVersion: 12.0.0.1
88524d0.229c: FileDescription: Keyboard Device Filter [fre_win8_x64]
88624d0.229c: \SystemRoot\System32\drivers\klmouflt.sys:
88724d0.229c: CreationTime: 2015-06-07T00:52:56.000000000Z
88824d0.229c: LastWriteTime: 2015-06-06T23:52:56.000000000Z
88924d0.229c: ChangeTime: 2016-12-06T18:40:40.823804700Z
89024d0.229c: FileAttributes: 0x20
89124d0.229c: Size: 0xa2b8
89224d0.229c: NT Headers: 0xe8
89324d0.229c: Timestamp: 0x556da33c
89424d0.229c: Machine: 0x8664 - amd64
89524d0.229c: Timestamp: 0x556da33c
89624d0.229c: Image Version: 6.2
89724d0.229c: SizeOfImage: 0xc000 (49152)
89824d0.229c: Resource Dir: 0xa000 LB 0x438
89924d0.229c: ProductName: System Interceptors PDK
90024d0.229c: ProductVersion: 10.0.0.11
90124d0.229c: FileVersion: 10.0.0.11
90224d0.229c: FileDescription: Mouse Device Filter [fre_win8_x64]
90324d0.229c: \SystemRoot\System32\drivers\kneps.sys:
90424d0.229c: CreationTime: 2015-06-23T17:30:50.000000000Z
90524d0.229c: LastWriteTime: 2017-03-13T18:26:53.149089400Z
90624d0.229c: ChangeTime: 2017-03-13T18:26:53.149089400Z
90724d0.229c: FileAttributes: 0x20
90824d0.229c: Size: 0x30ae0
90924d0.229c: NT Headers: 0x108
91024d0.229c: Timestamp: 0x5853b0e1
91124d0.229c: Machine: 0x8664 - amd64
91224d0.229c: Timestamp: 0x5853b0e1
91324d0.229c: Image Version: 5.2
91424d0.229c: SizeOfImage: 0x2d000 (184320)
91524d0.229c: Resource Dir: 0x2b000 LB 0x428
91624d0.229c: ProductName: System Interceptors PDK
91724d0.229c: ProductVersion: 12.0.0.22
91824d0.229c: FileVersion: 12.0.0.22
91924d0.229c: FileDescription: Network Processor [fre_wnet_x64]
92024d0.229c: \SystemRoot\System32\klfphc.dll:
92124d0.229c: CreationTime: 2016-03-05T12:00:43.860065400Z
92224d0.229c: LastWriteTime: 2013-05-06T06:13:26.000000000Z
92324d0.229c: ChangeTime: 2016-09-27T09:21:55.687462100Z
92424d0.229c: FileAttributes: 0x20
92524d0.229c: Size: 0x1ae60
92624d0.229c: NT Headers: 0xe8
92724d0.229c: Timestamp: 0x51873bf2
92824d0.229c: Machine: 0x8664 - amd64
92924d0.229c: Timestamp: 0x51873bf2
93024d0.229c: Image Version: 0.0
93124d0.229c: SizeOfImage: 0x1d000 (118784)
93224d0.229c: Resource Dir: 0x18000 LB 0x3c80
93324d0.229c: ProductName: Kaspersky™ Anti-Virus ®
93424d0.229c: ProductVersion: 1.0.0.12
93524d0.229c: FileVersion: 1.0.0.12
93624d0.229c: FileDescription: Filtering Platform Helper Class
93724d0.229c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
93824d0.229c: Calling main()
93924d0.229c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
94024d0.229c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
94124d0.229c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
94224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
94324d0.229c: SUPR3HardenedMain: Final process, opening VBoxDrv...
94424d0.229c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
94524d0.229c: supR3HardNtEnableThreadCreation:
94624d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
94724d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
94824d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
94924d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
95024d0.229c: supR3HardenedDllNotificationCallback: load 00007ff893de0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
95124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
95224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
95324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff893de0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
95524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
95624d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
95724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff893de0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
95824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff893de0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
95924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
96024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
96124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
96224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
96324d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
96424d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
96524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
96624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
96724d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
96824d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
96924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
97024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
97124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'.
97224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
97324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
97424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
97524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
97624d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
97724d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
97824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
97924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
98024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
98124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
98224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
98324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
98424d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
98524d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
98624d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c5920000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
98724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
98824d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c2920000 LB 0x00010000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
98924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
99024d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c2930000 LB 0x000f5000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
99124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
99224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
99324d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c3730000 LB 0x001c9000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
99424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
99524d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c5030000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
99624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
99724d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c33e0000 LB 0x00055000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
99824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
99924d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c31c0000 'api-ms-win-core-synch-l1-2-0'
100124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c31c0000 'api-ms-win-core-fibers-l1-1-1'
100324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c31c0000 'api-ms-win-core-fibers-l1-1-1'
100524d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c31c0000 'api-ms-win-core-synch-l1-2-0'
100724d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
100824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c31c0000 'api-ms-win-core-localization-l1-2-1'
100924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\WINDOWS\system32\Wintrust.dll'
101024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
101124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
101224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
101324d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
101424d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c2480000 LB 0x0002b000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
101524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
101624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c2480000 'C:\WINDOWS\system32\bcrypt.dll'
101724d0.229c: bcrypt.dll loaded at 00007ff8c2480000, BCryptOpenAlgorithmProvider at 00007ff8c2484260, preloading providers:
101824d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
101924d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
102024d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
102124d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c3530000 LB 0x0006a000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
102224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
102324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3530000 'C:\WINDOWS\system32\bcryptprimitives.dll'
102424d0.229c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000f2d690)
102524d0.229c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000f2ecc0)
102624d0.229c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000f2ef90)
102724d0.229c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000f2f260)
102824d0.229c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000f2f530)
102924d0.229c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000f30010)
103024d0.229c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000f302e0)
103124d0.229c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000f305b0)
103224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
103324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
103524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
103624d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
103724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
103824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
103924d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
104124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
104224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
104424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
104524d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
104724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
104824d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
104924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
105024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
105124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
105224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
105324d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
105424d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
105524d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c2370000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
105624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
105724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
105824d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
105924d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
106024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
106124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
106224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
106324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
106424d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
106524d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c1dd0000 LB 0x00033000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
106624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
106724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
106824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
106924d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
107024d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
107124d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c2390000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
107224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
107324d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
107424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
107524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
107624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
107724d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
107824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c4f80000 'C:\WINDOWS\System32\kernel32.dll'
107924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
108024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
108124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
108224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
108324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\CRYPT32.dll'
108424d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c6280000 LB 0x0001c000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
108524d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
108624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
108724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
108824d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
108924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
109024d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c39d0000 LB 0x00059000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
109124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
109224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
109324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
109424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
109524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
109624d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
109724d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
109824d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c1790000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
109924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
110024d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c28a0000 LB 0x00014000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
110124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
110224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
110324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
110424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
110524d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
110624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
110724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
110824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
110924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
111024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
111124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
111224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
111324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
111424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
111524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
111624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
111724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
111824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
111924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
112024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
112124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
112224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
112324d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112424d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8bf0b0000 LB 0x0002f000 C:\WINDOWS\System32\cryptnet.dll [fFlags=0x0]
112524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
112724d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
112824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
112924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113024d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
113224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
113524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113624d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
113724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
113824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
113924d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
114124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
114324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
114424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
114624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
114824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
114924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
115024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
115224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
115424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\WINDOWS\System32\cryptnet.dll'
115524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
115624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8bf0b0000 'C:\Windows\System32\cryptnet.dll'
115724d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c59c0000 LB 0x000a2000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0]
115824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
115924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
116024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
116124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
116224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
116324d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
116424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
116524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
116624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
116724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
116824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
116924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
117024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
117124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
117224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
117324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
117424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
117524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
117624d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
117724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
117824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
117924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f81600
118024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81600
118124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0CC1880DEF521CFB586B70171713A785823BD2
118224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
118324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
118424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c5030000 'C:\WINDOWS\System32\rpcrt4.dll'
118524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
118624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
118724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
118824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
118924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
119024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
119124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
119224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
119324d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
119424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
119524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
119624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
119724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
119824d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
119924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\Windows\System32\WINTRUST.DLL'
120024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
120124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
120324d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
120424d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
120524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
120624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5086_for_KB4013429~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
120724d0.229c: g_pfnWinVerifyTrust=00007ff8c33e7ff0
120824d0.229c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
120924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
121024d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
121224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
121324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
121524d0.229c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
121624d0.229c: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
121724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
121824d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
121924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
122024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
122124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
122224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
122324d0.229c: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
122424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
122524d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
122624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
122724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
122824d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
122924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
123024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81600
123124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81600
123224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
123324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
123424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f819c0
123524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f819c0
123624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2887B283709E29E7E5AD7830D0E43D33DF9C9C9B
123724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
123824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f81780
123924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81780
124024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=756BD43CD7BE727BAF0D37385B7D736DD0C38FDA2DF745AE921BD797373FC8FC
124124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
124224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
124324d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
124424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
124524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
124624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
124724d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
124824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
124924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
125024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
125124d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
125224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
125324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
125424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
125524d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
125624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
125724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
125824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
125924d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
126024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
126124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
126224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
126324d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
126424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
126524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
126624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
126724d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
126824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
126924d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
127024d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
127124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
127224d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
127324d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
127424d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
127524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
127624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
127724d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
127824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
127924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
128024d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
128124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
128224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
128324d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll'
128424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
128524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
128624d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
128724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
128824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
128924d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
129024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
129124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
129224d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
129324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
129424d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
129524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
129624d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe'
129724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
129824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
129924d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
130024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
130124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
130224d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
130324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\system32\crypt32.dll'
130424d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
130524d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
130624d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xb37530991cc6e000 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
130724d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
130824d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
130924d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
131024d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x3ab0f0b15eb2df00 C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, Email=admin@goldenfrog.com
131124d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
131224d0.229c: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=BZ, ST=Belize, L=Belize City, O=DT Soft Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, CN=DT Soft Ltd
131324d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xed95002720deac00 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
131424d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
131524d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x1aac54d7189cc00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
131624d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
131724d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x1db1913cc935aa00 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
131824d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
131924d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x378260bce8ada300 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
132024d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
132124d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
132224d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
132324d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
132424d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
132524d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
132624d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
132724d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
132824d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
132924d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
133024d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
133124d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
133224d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
133324d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
133424d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
133524d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
133624d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
133724d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
133824d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
133924d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
134024d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
134124d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
134224d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
134324d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
134424d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
134524d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
134624d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
134724d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
134824d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
134924d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
135024d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
135124d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
135224d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
135324d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
135424d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
135524d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
135624d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
135724d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xa7f9b4b9d484dd00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
135824d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
135924d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
136024d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
136124d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
136224d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
136324d0.229c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
136424d0.229c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=59
136524d0.229c: SUPR3HardenedMain: Load Runtime...
136624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
136724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
136824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
136924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
137024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
137124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
137224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
137324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
137424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
137524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
137624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
137724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
137824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
137924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
138024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
138124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
138224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
138324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
138424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
138524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
138624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
138724d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
138824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
138924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
139024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
139124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
139224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
139324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
139424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
139524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
139624d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
139724d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll)
139824d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
139924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
140024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
140124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
140224d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
140324d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
140424d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
140524d0.229c: supR3HardenedDllNotificationCallback: load 0000000075fb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
140624d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
140724d0.229c: supR3HardenedDllNotificationCallback: load 0000000075f10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
140824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
140924d0.229c: supR3HardenedDllNotificationCallback: load 00007ff8c61a0000 LB 0x0006a000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
141024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
141124d0.229c: supR3HardenedDllNotificationCallback: load 00007ff88f200000 LB 0x0053c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
141224d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
141324d0.229c: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'.
141424d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
141524d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
141624d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
141724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
141824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
141924d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
142024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
142224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
142324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142424d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
142524d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
142624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
142724d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
142824d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
142924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
143124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
143224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
143924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144024d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
144124d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
144224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
144924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
145824d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
145924d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
146024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff88f200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
146424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c33e0000 'C:\WINDOWS\system32\Wintrust.dll'
146524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
146624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
146724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
146824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
146924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\system32\crypt32.dll'
147024d0.229c: SUPR3HardenedMain: Load TrustedMain...
147124d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
147224d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
147324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
147424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
147524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
147624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
147724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
147824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
147924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
148024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
148124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
148224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
148324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
148424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
148524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
148624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
148724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
148824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
148924d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
149024d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
149124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
149224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
149324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
149424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
149524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
149624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
149724d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
149824d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
149924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
150024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
150124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
150224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
150324d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
150424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
150524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
150624d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'.
150724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
150824d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmmbase.dll)
150924d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmmbase.dll
151024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
151124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
151224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
151324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
151424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
151524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
151624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
151724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'rpcrt4.dll'.
151824d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
151924d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
152024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
152124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
152224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
152324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
152424d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
152524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
152624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
152724d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\combase.dll'.
152824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
152924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'bcryptprimitives.dll'.
153024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
153124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
153224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
153324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
153424d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'.
153524d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll)
153624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcp_win.dll
153724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
153824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
153924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
154024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
154324d0.229c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
154424d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
154524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
154624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
154724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
154824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
154924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'combase.dll'.
155024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
155124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
155224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
155324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
155424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
155524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
155624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
155724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
155824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
155924d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\user32.dll'.
156024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
156124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
156224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
156324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
156424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
156524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
156624d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'.
156724d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
156824d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
156924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
157024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
157124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
157224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
157324d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
157424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
157524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume2\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
157624d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\win32u.dll'.
157724d0.229c: '\Device\HarddiskVolume2\Windows\System32\win32u.dll' has no imports
157824d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\win32u.dll)
157924d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\win32u.dll
158024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
158124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
158224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
158324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'user32.dll'.
158424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #68 'gdi32.dll'.
158524d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
158624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
158724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
158824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
158924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
159024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [redoing WinVerifyTrust]
159324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
159624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
159924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
160024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
160124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
160224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
160324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
160424d0.229c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
160524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
160624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
160724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
160824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
160924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
161024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
161124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
161224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
161324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
161424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
161524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
161624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
161724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
161824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
161924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
162024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
162124d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
162224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
162324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
162424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
162524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
162624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
162724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
162824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
162924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
163024d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
163124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
163224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
163324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
163424d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
163524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
163624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
163724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
163824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
163924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
164024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
164124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
164224d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
164324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
164424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
164524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
164624d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
164724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
164824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
164924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
165024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
165124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
165224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
165324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
165424d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
165524d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
165624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
165724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
165824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
165924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
166024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
166124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
166224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
166324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
166424d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
166524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
166624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
166724d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
166824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
166924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
167024d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
167124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
167224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
167324d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
167424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
167524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
167624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
167724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
168024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
168124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
168224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
168324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
168424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
168524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
168624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
168824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
168924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
169024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
169124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
169224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
169324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
169424d0.229c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'.
169524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
169624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
169724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
169824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
169924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
170024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
170124d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll)
170224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
170324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
170424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
170524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
170624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
170724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
170824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
170924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
171024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
171124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
171224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
171324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
171424d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\mpr.dll'.
171524d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll)
171624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
171724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
171824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
171924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
172024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
172124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
172224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
172324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
172424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
172524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
172624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
172724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
172824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
172924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
173024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
173124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
173224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
173324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
173424d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
173524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
173624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
173724d0.229c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'.
173824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
173924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'user32.dll'.
174024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'gdi32.dll'.
174124d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'dciman32.dll'.
174224d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll)
174324d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
174424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
174524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
174624d0.229c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\glu32.dll'.
174724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
174824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
174924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
175024d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\glu32.dll)
175124d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
175224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
175324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175424d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
175524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
175624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
175724d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
175824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
175924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176024d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
176124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
176224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
176324d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
176424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
176524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
176624d0.229c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
176724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
176824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
176924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
177024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
177124d0.229c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'.
177224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
177324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
177424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
177524d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll)
177624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
177724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
177824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
177924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
178024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
178124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
178224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
178324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
178424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
178524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
178624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
178724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
178824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
178924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
179024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
179124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
179224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
179324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
179424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
179524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
179624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
179724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
179824d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
179924d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
180024d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
180124d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
180224d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
180324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
180424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
180524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
180624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
180724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
180824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
180924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
181024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
181124d0.229c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'.
181224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
181324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'user32.dll'.
181424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'shlwapi.dll'.
181524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'gdi32.dll'.
181624d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'comctl32.dll'.
181724d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'shell32.dll'.
181824d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll)
181924d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
182024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
182124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
182224d0.229c: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\winspool.drv'.
182324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
182424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'bcrypt.dll'.
182524d0.229c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
182624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
182724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
182824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
182924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
183024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
183124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
183224d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
183324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
183424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
183524d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
183624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
183724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
183824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
183924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
184024d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
184124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
184224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
184324d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
184424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
184524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
184624d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
184724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
184824d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
184924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
185024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
185124d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'.
185224d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
185324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
185424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
185524d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll)
185624d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
185724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
185824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
185924d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
186024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
186124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
186224d0.229c: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'.
186324d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
186424d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'gdi32.dll'.
186524d0.229c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #43 'user32.dll'.
186624d0.229c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
186724d0.229c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
186824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
186924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
187024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
187124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
187224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
187324d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
187424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
187524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
187624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
187724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
187824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
187924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
188024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
188124d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
188224d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
188324d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
188424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
188524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
188624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
188724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
188824d0.229c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
188924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
189024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
189124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
189224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
189324d0.229c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
189424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
189524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
189624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
189724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
189824d0.229c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
189924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
190024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
190124d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
190224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
190324d0.229c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll'
190424d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
190524d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
190624d0.229c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
190724d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
190824d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
190924d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
191024d0.229c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
191124d0.229c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
191224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
191324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f819c0
191424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f819c0
191524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABE9A0F560416C701B358C7A044A7ADA2496E52
191624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
191724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f81cc0
191824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81cc0
191924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABE9A0F560416C701B358C7A044A7ADA2496E52
192024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
192124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81780
192224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81780
192324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=B959F00677BE42B2F6ED0A79282DD5604391DB01DA1AA8E53ACC5DAAD975DA2E
192424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
192524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f819c0
192624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f819c0
192724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=B959F00677BE42B2F6ED0A79282DD5604391DB01DA1AA8E53ACC5DAAD975DA2E
192824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
192924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
193024d0.229c: supR3HardenedScreenImage/Imports: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
193124d0.229c: Error (rc=0):
193224d0.229c: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\opengl32.dll
193324d0.229c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
193424d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
193524d0.229c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
193624d0.229c: Error (rc=0):
193724d0.229c: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x10 fAccess=0xf cHits=3 \Device\HarddiskVolume2\Windows\System32\opengl32.dll
193824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
193924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
194024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
194124d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
194224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
194324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
194424d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
194524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
194624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81cc0
194724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81cc0
194824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A4DF9C8720883A91EB625C51E2F1DD6C5B7FD390
194924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
195024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
195124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2686_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
195224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
195324d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv'
195424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
195524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81cc0
195624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81cc0
195724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2A6847C3EE33DCB5629DEE09F13E580342D716B2
195824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
195924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
196024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2787_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
196124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
196224d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
196324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
196424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81cc0
196524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81cc0
196624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4A53C9800BCD573D0D304FE08D7DA6E919EDE7F
196724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
196824d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
196924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2838_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
197024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
197124d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
197224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
197324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81cc0
197424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81cc0
197524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D74F399702A52F8744C020307EFFBC3CA2A7BFE
197624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
197724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f81e40
197824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81e40
197924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D74F399702A52F8744C020307EFFBC3CA2A7BFE
198024d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
198124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f819c0
198224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f819c0
198324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=8AC2DF9AE24D35B8F77AE95AAFB8FE39DC9A8F92ECD5DD79702A8A178B365974
198424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
198524d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000f81fc0
198624d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81fc0
198724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=8AC2DF9AE24D35B8F77AE95AAFB8FE39DC9A8F92ECD5DD79702A8A178B365974
198824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
198924d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
199024d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\glu32.dll'
199124d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000042c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
199224d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000f81e40
199324d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000f81e40
199424d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=71DDF6E91ED3E6D890C355BFA0F19C4DDCC10FC5
199524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
199624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
199724d0.229c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2841_for_KB4015438~31bf3856ad364e35~amd64~~10.0.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
199824d0.229c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
199924d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
200024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
200124d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
200224d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mpr.dll'
200324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
200424d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
200524d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\win32u.dll'
200624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
200724d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
200824d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
200924d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
201024d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
201124d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcp_win.dll'
201224d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
201324d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
201424d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\combase.dll'
201524d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c1dd0000 'C:\WINDOWS\system32\rsaenh.dll'
201624d0.229c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8c3730000 'C:\WINDOWS\System32\crypt32.dll'
201724d0.229c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
201824d0.229c: Fatal error:
201924d0.229c: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790
20201458.232c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1343 ms, the end);
20211174.9fc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2731 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy